11241100x80000000000000004017495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481b93f67fcc94582021-12-22 12:43:25.193root 11241100x80000000000000004017496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d2298844468e052021-12-22 12:43:25.193root 11241100x80000000000000004017497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0944d628a384462021-12-22 12:43:25.193root 11241100x80000000000000004017498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebc6c8e7b1d8c342021-12-22 12:43:25.193root 11241100x80000000000000004017499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a80a144bbcebff2021-12-22 12:43:25.193root 11241100x80000000000000004017500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77522c6e86314e662021-12-22 12:43:25.193root 11241100x80000000000000004017501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a926118e9be63ac12021-12-22 12:43:25.193root 11241100x80000000000000004017502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88774283dfe911962021-12-22 12:43:25.194root 11241100x80000000000000004017503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00328ee07f17ff0e2021-12-22 12:43:25.194root 11241100x80000000000000004017504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b92d8946dc694232021-12-22 12:43:25.194root 11241100x80000000000000004017505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06af59c9bee8f332021-12-22 12:43:25.194root 11241100x80000000000000004017506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412817b98b72652f2021-12-22 12:43:25.194root 11241100x80000000000000004017507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d65259499e56ab2021-12-22 12:43:25.194root 11241100x80000000000000004017508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0837e0f15e4844c42021-12-22 12:43:25.194root 11241100x80000000000000004017509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcf35211a04e8ed2021-12-22 12:43:25.195root 11241100x80000000000000004017510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a07c2ea922ea4c2021-12-22 12:43:25.195root 11241100x80000000000000004017511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f5a9d47796b6ff2021-12-22 12:43:25.195root 11241100x80000000000000004017512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f35747044037cc22021-12-22 12:43:25.195root 11241100x80000000000000004017513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b702cec17b075f2021-12-22 12:43:25.195root 11241100x80000000000000004017514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28239454643eb002021-12-22 12:43:25.195root 11241100x80000000000000004017515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea90e9cadfcc7b6c2021-12-22 12:43:25.195root 11241100x80000000000000004017516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f6ebc1908d48282021-12-22 12:43:25.196root 11241100x80000000000000004017517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96bcd986347ac462021-12-22 12:43:25.196root 11241100x80000000000000004017518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ff5b6a9586777b2021-12-22 12:43:25.196root 11241100x80000000000000004017519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c19a5bdec5b7b82021-12-22 12:43:25.196root 11241100x80000000000000004017520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4175aea8fd67755c2021-12-22 12:43:25.196root 11241100x80000000000000004017521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e860479588f1cecc2021-12-22 12:43:25.196root 11241100x80000000000000004017522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af110edf34926e02021-12-22 12:43:25.196root 11241100x80000000000000004017523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2b4a427b9b8ff42021-12-22 12:43:25.196root 11241100x80000000000000004017524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d12f95a25c1a47a2021-12-22 12:43:25.196root 11241100x80000000000000004017525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed1e4bc8d4b9de32021-12-22 12:43:25.196root 11241100x80000000000000004017526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7911b0e591b7772021-12-22 12:43:25.196root 11241100x80000000000000004017527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6f08b98c6f1eba2021-12-22 12:43:25.197root 11241100x80000000000000004017528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6936a75616d069632021-12-22 12:43:25.197root 11241100x80000000000000004017529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91a55a12cb9e1612021-12-22 12:43:25.197root 11241100x80000000000000004017530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc196c70e57e1252021-12-22 12:43:25.197root 11241100x80000000000000004017531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60f3695f1bea59f2021-12-22 12:43:25.197root 11241100x80000000000000004017532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665f5dbccc4146992021-12-22 12:43:25.197root 11241100x80000000000000004017533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61319c2ab5f694de2021-12-22 12:43:25.197root 11241100x80000000000000004017534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2520a0828508d02021-12-22 12:43:25.693root 11241100x80000000000000004017535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b755b57c38b0fce52021-12-22 12:43:25.693root 11241100x80000000000000004017536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c69add6fd995cb2021-12-22 12:43:25.693root 11241100x80000000000000004017537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e76c9fcb72d9182021-12-22 12:43:25.693root 11241100x80000000000000004017538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2b34716c5f163a2021-12-22 12:43:25.693root 11241100x80000000000000004017539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356f12e8cfa318002021-12-22 12:43:25.694root 11241100x80000000000000004017540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c1aa42998c76872021-12-22 12:43:25.694root 11241100x80000000000000004017541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696d0097866724662021-12-22 12:43:25.694root 11241100x80000000000000004017542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3266f7ae806a0962021-12-22 12:43:25.694root 11241100x80000000000000004017543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b46a6a0ca8acc22021-12-22 12:43:25.694root 11241100x80000000000000004017544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d933307534ac992021-12-22 12:43:25.694root 11241100x80000000000000004017545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72770fb16e18a13f2021-12-22 12:43:25.694root 11241100x80000000000000004017546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c758b28db00af1502021-12-22 12:43:25.695root 11241100x80000000000000004017547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0772aba7f52307dc2021-12-22 12:43:25.695root 11241100x80000000000000004017548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d1ecb9c627c6822021-12-22 12:43:25.695root 11241100x80000000000000004017549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b06b6eeaee2e8b2021-12-22 12:43:25.695root 11241100x80000000000000004017550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135fcadc5345a0782021-12-22 12:43:25.695root 11241100x80000000000000004017551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a55b0bb27b491e2021-12-22 12:43:25.695root 11241100x80000000000000004017552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57970c887c474cd62021-12-22 12:43:25.695root 11241100x80000000000000004017553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4a1ce792d941782021-12-22 12:43:25.696root 11241100x80000000000000004017554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa524b7a9fa6a7692021-12-22 12:43:25.696root 11241100x80000000000000004017555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc573fe5e5996bd52021-12-22 12:43:25.696root 11241100x80000000000000004017556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb01b1dd40d8f022021-12-22 12:43:25.696root 11241100x80000000000000004017557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbfcdd8853ee7db2021-12-22 12:43:25.696root 11241100x80000000000000004017558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9322e40b0481eace2021-12-22 12:43:25.697root 11241100x80000000000000004017559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e6d1eb12a9725b2021-12-22 12:43:25.697root 11241100x80000000000000004017560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1f6f5059f0926f2021-12-22 12:43:25.697root 11241100x80000000000000004017561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9483f4835af1336f2021-12-22 12:43:25.697root 11241100x80000000000000004017562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec57eaf57add3bb2021-12-22 12:43:25.698root 11241100x80000000000000004017563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eae0619818acce72021-12-22 12:43:25.698root 11241100x80000000000000004017564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa50861c23ce4f252021-12-22 12:43:25.698root 11241100x80000000000000004017565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f01d080216b624e2021-12-22 12:43:26.193root 11241100x80000000000000004017566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b3b3bf419501fa2021-12-22 12:43:26.194root 11241100x80000000000000004017567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7279714a169b3492021-12-22 12:43:26.195root 11241100x80000000000000004017568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c864087a0efe8ce32021-12-22 12:43:26.195root 11241100x80000000000000004017569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99f1b5121bdd9c42021-12-22 12:43:26.195root 11241100x80000000000000004017570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612f06cc458a8bec2021-12-22 12:43:26.196root 11241100x80000000000000004017571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cd742a441ffcd82021-12-22 12:43:26.196root 11241100x80000000000000004017572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2566175d5ee4c82021-12-22 12:43:26.196root 11241100x80000000000000004017573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670ed7fe2b1ce3322021-12-22 12:43:26.196root 11241100x80000000000000004017574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd81241958585ed22021-12-22 12:43:26.196root 11241100x80000000000000004017575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b73eb96547434d32021-12-22 12:43:26.196root 11241100x80000000000000004017576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27acbd58d31aee092021-12-22 12:43:26.196root 11241100x80000000000000004017577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541638c1de8764292021-12-22 12:43:26.196root 11241100x80000000000000004017578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b085f5e97541b4fa2021-12-22 12:43:26.196root 11241100x80000000000000004017579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0b7134573b08052021-12-22 12:43:26.196root 11241100x80000000000000004017580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d656cf6e16a8be12021-12-22 12:43:26.196root 11241100x80000000000000004017581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e05a99cae5cdab22021-12-22 12:43:26.196root 11241100x80000000000000004017582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7faf74cd4ab59e2021-12-22 12:43:26.196root 11241100x80000000000000004017583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133d1b4c856ab1492021-12-22 12:43:26.196root 11241100x80000000000000004017584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2810290c9f0d3582021-12-22 12:43:26.196root 11241100x80000000000000004017585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a72f65116661f932021-12-22 12:43:26.196root 11241100x80000000000000004017586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20920b348e391d722021-12-22 12:43:26.197root 11241100x80000000000000004017587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc19e5fd43d8d852021-12-22 12:43:26.197root 11241100x80000000000000004017588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05394467b620731a2021-12-22 12:43:26.197root 11241100x80000000000000004017589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229794968d0b73b62021-12-22 12:43:26.197root 11241100x80000000000000004017590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de7a629f89bcd0b2021-12-22 12:43:26.197root 11241100x80000000000000004017591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b63d4bfd4b7cc742021-12-22 12:43:26.197root 11241100x80000000000000004017592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9bed751840b56b2021-12-22 12:43:26.197root 11241100x80000000000000004017593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a686eaea85abc3d2021-12-22 12:43:26.197root 11241100x80000000000000004017594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be22841c247bdfa2021-12-22 12:43:26.197root 11241100x80000000000000004017595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4296d6b6bddde5f42021-12-22 12:43:26.693root 11241100x80000000000000004017596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6754de5abbde6edd2021-12-22 12:43:26.693root 11241100x80000000000000004017597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e9641e8d9491b12021-12-22 12:43:26.694root 11241100x80000000000000004017598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294bec32c60d04e12021-12-22 12:43:26.694root 11241100x80000000000000004017599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8861b6e653bba9f72021-12-22 12:43:26.695root 11241100x80000000000000004017600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28ff13a96f29a212021-12-22 12:43:26.695root 11241100x80000000000000004017601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b535b9915be18c02021-12-22 12:43:26.695root 11241100x80000000000000004017602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa399d1ecbe6c592021-12-22 12:43:26.695root 11241100x80000000000000004017603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff28df7a44fc7f42021-12-22 12:43:26.695root 11241100x80000000000000004017604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08eb8eed5397db232021-12-22 12:43:26.695root 11241100x80000000000000004017605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a72f67dee8c9b962021-12-22 12:43:26.698root 11241100x80000000000000004017606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f1723efc4c8c9e2021-12-22 12:43:26.698root 11241100x80000000000000004017607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ecba301380b8c32021-12-22 12:43:26.698root 11241100x80000000000000004017608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970986853af8eff02021-12-22 12:43:26.699root 11241100x80000000000000004017609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345b3532091eed9f2021-12-22 12:43:26.699root 11241100x80000000000000004017610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb31b61987e2d6e32021-12-22 12:43:26.699root 11241100x80000000000000004017611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9c305f8d37f2de2021-12-22 12:43:26.699root 11241100x80000000000000004017612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e64fd3bf08afe42021-12-22 12:43:26.699root 11241100x80000000000000004017613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6de33006553c4392021-12-22 12:43:26.699root 11241100x80000000000000004017614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fc16b5c916412a2021-12-22 12:43:26.699root 11241100x80000000000000004017615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00e70ccb72f0aad2021-12-22 12:43:26.699root 11241100x80000000000000004017616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe8476c4a554d462021-12-22 12:43:26.700root 11241100x80000000000000004017617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdf86612bf6ad3c2021-12-22 12:43:26.700root 11241100x80000000000000004017618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b703afd168fbba2021-12-22 12:43:26.700root 11241100x80000000000000004017619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfa3dd495bb590f2021-12-22 12:43:26.700root 11241100x80000000000000004017620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6639904657d3373c2021-12-22 12:43:26.700root 11241100x80000000000000004017621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5517075d4458dff62021-12-22 12:43:26.700root 11241100x80000000000000004017622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d88358eb6ca8522021-12-22 12:43:26.700root 11241100x80000000000000004017623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7c9a869bfe89a72021-12-22 12:43:26.700root 11241100x80000000000000004017624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169d6fed8d5b1fe42021-12-22 12:43:26.700root 11241100x80000000000000004017625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea87bdbb0e162eb22021-12-22 12:43:26.700root 354300x80000000000000004017626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.093{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56814-false10.0.1.12-8000- 11241100x80000000000000004017627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f682fd42a1c420e2021-12-22 12:43:27.094root 11241100x80000000000000004017628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420ba068d98a636d2021-12-22 12:43:27.094root 11241100x80000000000000004017629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac67a58b3f0e85e2021-12-22 12:43:27.094root 11241100x80000000000000004017630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684c18614dc68beb2021-12-22 12:43:27.094root 11241100x80000000000000004017631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb4b5b3bc32444a2021-12-22 12:43:27.094root 11241100x80000000000000004017632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abb490a57a328292021-12-22 12:43:27.095root 11241100x80000000000000004017633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d4eaf12b85afdb2021-12-22 12:43:27.095root 11241100x80000000000000004017634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc41041186e4ce62021-12-22 12:43:27.095root 11241100x80000000000000004017635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2968e6945e0feb102021-12-22 12:43:27.095root 11241100x80000000000000004017636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4073a5d86827ef2021-12-22 12:43:27.095root 11241100x80000000000000004017637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09342fc2e4c923f2021-12-22 12:43:27.095root 11241100x80000000000000004017638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aff0c7c9f3ba1ce2021-12-22 12:43:27.095root 11241100x80000000000000004017639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335dd8ae81f139f32021-12-22 12:43:27.095root 11241100x80000000000000004017640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddaeead7e263bc22021-12-22 12:43:27.095root 11241100x80000000000000004017641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f82386c94453bc42021-12-22 12:43:27.095root 11241100x80000000000000004017642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec301fb322872c42021-12-22 12:43:27.096root 11241100x80000000000000004017643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2270203cb82624842021-12-22 12:43:27.096root 11241100x80000000000000004017644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c965f1f7b3a59b062021-12-22 12:43:27.096root 11241100x80000000000000004017645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9272188cf83df72021-12-22 12:43:27.096root 11241100x80000000000000004017646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2c2042236fe7222021-12-22 12:43:27.096root 11241100x80000000000000004017647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d659c3a2771ffd9c2021-12-22 12:43:27.096root 11241100x80000000000000004017648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d13155776389752021-12-22 12:43:27.096root 11241100x80000000000000004017649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fb69ea7d8991c92021-12-22 12:43:27.096root 11241100x80000000000000004017650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128551feba3639d12021-12-22 12:43:27.096root 11241100x80000000000000004017651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710a8155f0413d452021-12-22 12:43:27.096root 11241100x80000000000000004017652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f569dcd6f2d83082021-12-22 12:43:27.096root 11241100x80000000000000004017653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afdc86d54bd8ca72021-12-22 12:43:27.096root 11241100x80000000000000004017654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67acd71e54aad4d2021-12-22 12:43:27.096root 11241100x80000000000000004017655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90139194764afc92021-12-22 12:43:27.097root 11241100x80000000000000004017656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50ef81cc0b820ee2021-12-22 12:43:27.097root 11241100x80000000000000004017657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c3074c2b9c7c642021-12-22 12:43:27.097root 11241100x80000000000000004017658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af673a5182ca6b782021-12-22 12:43:27.097root 11241100x80000000000000004017659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13802456fb3a03ad2021-12-22 12:43:27.097root 11241100x80000000000000004017660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784b61ab903e73782021-12-22 12:43:27.097root 11241100x80000000000000004017661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c49faf56b85da62021-12-22 12:43:27.097root 11241100x80000000000000004017662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf7b0aba57e4aa62021-12-22 12:43:27.097root 11241100x80000000000000004017663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7c9be8e4bdc0042021-12-22 12:43:27.097root 11241100x80000000000000004017664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7158fdf4b01a52932021-12-22 12:43:27.097root 11241100x80000000000000004017665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868f187e1f2a94022021-12-22 12:43:27.097root 11241100x80000000000000004017666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbfe7617bbd6a182021-12-22 12:43:27.098root 11241100x80000000000000004017667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0d70355ff6ab792021-12-22 12:43:27.098root 11241100x80000000000000004017668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d06a9b107a238522021-12-22 12:43:27.098root 11241100x80000000000000004017669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafa5aa6c2e113142021-12-22 12:43:27.098root 11241100x80000000000000004017670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67f6dfde10b38252021-12-22 12:43:27.098root 11241100x80000000000000004017671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee7593061eb14a62021-12-22 12:43:27.098root 11241100x80000000000000004017672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bf9f978f9e64162021-12-22 12:43:27.098root 11241100x80000000000000004017673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d06819818873bc2021-12-22 12:43:27.098root 11241100x80000000000000004017674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a539cb2e247a10c2021-12-22 12:43:27.098root 11241100x80000000000000004017675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc15484cbbd209e82021-12-22 12:43:27.098root 11241100x80000000000000004017676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4fa8ad24154d6a2021-12-22 12:43:27.098root 11241100x80000000000000004017677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1071092ffd76710c2021-12-22 12:43:27.098root 11241100x80000000000000004017678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c693347cf3fc1f2021-12-22 12:43:27.098root 11241100x80000000000000004017679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2adad9939f61bd2021-12-22 12:43:27.098root 11241100x80000000000000004017680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcba786d377cd23c2021-12-22 12:43:27.098root 11241100x80000000000000004017681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487b97386afe28992021-12-22 12:43:27.099root 11241100x80000000000000004017682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34752cbbd237fa1c2021-12-22 12:43:27.099root 11241100x80000000000000004017683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1641214028e0e4652021-12-22 12:43:27.099root 11241100x80000000000000004017684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c979181d0d01132021-12-22 12:43:27.099root 11241100x80000000000000004017685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe5e2c71407c69e2021-12-22 12:43:27.099root 11241100x80000000000000004017686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02d1d533fb68a532021-12-22 12:43:27.099root 11241100x80000000000000004017687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d68162354ad24f2021-12-22 12:43:27.099root 11241100x80000000000000004017688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a057a4e8d6f29f8f2021-12-22 12:43:27.099root 11241100x80000000000000004017689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcde42201dc6cde2021-12-22 12:43:27.099root 11241100x80000000000000004017690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734425babee883762021-12-22 12:43:27.099root 11241100x80000000000000004017691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3ee580ead64c412021-12-22 12:43:27.099root 11241100x80000000000000004017692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee362bc178031652021-12-22 12:43:27.100root 11241100x80000000000000004017693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d55c69a7b4a6f242021-12-22 12:43:27.100root 11241100x80000000000000004017694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98eb8a20aac9bf302021-12-22 12:43:27.100root 11241100x80000000000000004017695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912ca4b2c5f858752021-12-22 12:43:27.100root 11241100x80000000000000004017696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21dd3c0b8b7763a2021-12-22 12:43:27.100root 11241100x80000000000000004017697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ff09346856aeab2021-12-22 12:43:27.100root 11241100x80000000000000004017698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0ea3c6431f78762021-12-22 12:43:27.100root 11241100x80000000000000004017699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2edbd88d83ea442021-12-22 12:43:27.101root 11241100x80000000000000004017700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1441b75da9dc0742021-12-22 12:43:27.101root 11241100x80000000000000004017701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43818187d7ba3dd2021-12-22 12:43:27.101root 11241100x80000000000000004017702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73f15eade3cb2d72021-12-22 12:43:27.101root 11241100x80000000000000004017703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4a00239ae6f92c2021-12-22 12:43:27.102root 11241100x80000000000000004017704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84a9fd1d972ad742021-12-22 12:43:27.102root 11241100x80000000000000004017705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f009d21f7b7e1fe32021-12-22 12:43:27.102root 11241100x80000000000000004017706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4d311fba85cad02021-12-22 12:43:27.103root 11241100x80000000000000004017707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d566f63965aad2182021-12-22 12:43:27.103root 11241100x80000000000000004017708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bab08169cd3d3b82021-12-22 12:43:27.103root 11241100x80000000000000004017709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0666c3d4b9f260622021-12-22 12:43:27.103root 11241100x80000000000000004017710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ebe3c9dc5c549a2021-12-22 12:43:27.104root 11241100x80000000000000004017711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7213f601237c55a42021-12-22 12:43:27.104root 11241100x80000000000000004017712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88675500da1a1012021-12-22 12:43:27.104root 11241100x80000000000000004017713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1c01b74d00acae2021-12-22 12:43:27.104root 11241100x80000000000000004017714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ba4df106f7d6ae2021-12-22 12:43:27.105root 11241100x80000000000000004017715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab6695465658ac42021-12-22 12:43:27.105root 11241100x80000000000000004017716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdfcb63d3c8f79c2021-12-22 12:43:27.105root 11241100x80000000000000004017717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdafd7b2a9f07c02021-12-22 12:43:27.105root 11241100x80000000000000004017718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf2a96fd1f7c3d12021-12-22 12:43:27.105root 11241100x80000000000000004017719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.106{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf9049581d6d2942021-12-22 12:43:27.106root 11241100x80000000000000004017720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.107{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7471534c01dc4d42021-12-22 12:43:27.107root 11241100x80000000000000004017721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.107{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5481aa7ce14caac52021-12-22 12:43:27.107root 11241100x80000000000000004017722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.107{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1778958db05933532021-12-22 12:43:27.107root 11241100x80000000000000004017723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.107{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fcfb7520edcda52021-12-22 12:43:27.107root 11241100x80000000000000004017724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb447294555d3c42021-12-22 12:43:27.108root 11241100x80000000000000004017725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0830cedb4741972021-12-22 12:43:27.110root 11241100x80000000000000004017726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4ebf182a8499672021-12-22 12:43:27.110root 11241100x80000000000000004017727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a345d2f35c9e7f2021-12-22 12:43:27.111root 11241100x80000000000000004017728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14512e3c0e9853112021-12-22 12:43:27.111root 11241100x80000000000000004017729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332c888b2cbea7c62021-12-22 12:43:27.111root 11241100x80000000000000004017730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2b47b60ac36b4d2021-12-22 12:43:27.111root 11241100x80000000000000004017731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62beb7cad1521b92021-12-22 12:43:27.111root 11241100x80000000000000004017732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d35277d5126db322021-12-22 12:43:27.111root 11241100x80000000000000004017733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452890b774db23562021-12-22 12:43:27.112root 11241100x80000000000000004017734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e187ae0bc433dee22021-12-22 12:43:27.112root 154100x80000000000000004017735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.402{ec2b6afe-1d6f-61c3-6844-594210560000}22708/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x80000000000000004017736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc83605bd2bdca812021-12-22 12:43:27.405root 11241100x80000000000000004017737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5de839a8f61f21b2021-12-22 12:43:27.405root 11241100x80000000000000004017738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5aa85190e49c9fc2021-12-22 12:43:27.405root 11241100x80000000000000004017739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c438a1c9cd99a52021-12-22 12:43:27.405root 11241100x80000000000000004017740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db473259925243a2021-12-22 12:43:27.405root 11241100x80000000000000004017741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38d5ff4a0504de72021-12-22 12:43:27.405root 11241100x80000000000000004017742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa3a0cfe738912d2021-12-22 12:43:27.405root 11241100x80000000000000004017743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd557c52b770be92021-12-22 12:43:27.405root 11241100x80000000000000004017744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2da04478db0eaf2021-12-22 12:43:27.405root 11241100x80000000000000004017745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f41d763463ae442021-12-22 12:43:27.405root 11241100x80000000000000004017746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9750275a17f03d2021-12-22 12:43:27.405root 11241100x80000000000000004017747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dcf2400cb6fd432021-12-22 12:43:27.405root 11241100x80000000000000004017748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4d0f8224b517312021-12-22 12:43:27.405root 11241100x80000000000000004017749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c298218057410bbe2021-12-22 12:43:27.406root 11241100x80000000000000004017750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1151b1b5fecd28162021-12-22 12:43:27.406root 11241100x80000000000000004017751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3cc18cd0b556602021-12-22 12:43:27.406root 11241100x80000000000000004017752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360eedd051d9caed2021-12-22 12:43:27.406root 11241100x80000000000000004017753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41830793e8bda6ec2021-12-22 12:43:27.406root 11241100x80000000000000004017754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e523f86d822e6e812021-12-22 12:43:27.406root 11241100x80000000000000004017755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ad4fcc0668a0c62021-12-22 12:43:27.406root 11241100x80000000000000004017756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c144ee4878a01d702021-12-22 12:43:27.406root 11241100x80000000000000004017757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d9ebb5f76089992021-12-22 12:43:27.406root 11241100x80000000000000004017758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d964b5703a1e9bbd2021-12-22 12:43:27.406root 11241100x80000000000000004017759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8eb808683523642021-12-22 12:43:27.406root 11241100x80000000000000004017760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb04f760b7438c512021-12-22 12:43:27.406root 11241100x80000000000000004017761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f974b12f003f46ed2021-12-22 12:43:27.406root 11241100x80000000000000004017762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79bd2b6ff6f900b2021-12-22 12:43:27.406root 11241100x80000000000000004017763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411137714bc29dfb2021-12-22 12:43:27.406root 11241100x80000000000000004017764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.407{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3177ef8e13df1c3f2021-12-22 12:43:27.407root 11241100x80000000000000004017765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.407{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7dfad1b4ab32892021-12-22 12:43:27.407root 11241100x80000000000000004017766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.407{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6675f12892d6a802021-12-22 12:43:27.407root 11241100x80000000000000004017767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.407{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193f3d9e57930edb2021-12-22 12:43:27.407root 534500x80000000000000004017768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.422{ec2b6afe-1d6f-61c3-6844-594210560000}22708/bin/psroot 11241100x80000000000000004017769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbda54d93f86f4152021-12-22 12:43:27.693root 11241100x80000000000000004017770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6aadb8bf4ac8e902021-12-22 12:43:27.694root 11241100x80000000000000004017771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac7015c9173d9b12021-12-22 12:43:27.694root 11241100x80000000000000004017772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26733d688d2b8f7e2021-12-22 12:43:27.694root 11241100x80000000000000004017773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b91eacaff3e50472021-12-22 12:43:27.694root 11241100x80000000000000004017774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3290da850441ba2021-12-22 12:43:27.694root 11241100x80000000000000004017775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c51fd2b5ea12c8c2021-12-22 12:43:27.694root 11241100x80000000000000004017776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e39f1112a5944e2021-12-22 12:43:27.694root 11241100x80000000000000004017777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ef84e0d997ec8d2021-12-22 12:43:27.694root 11241100x80000000000000004017778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4aa1d95e173ba52021-12-22 12:43:27.695root 11241100x80000000000000004017779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f014ba92bddaca2021-12-22 12:43:27.695root 11241100x80000000000000004017780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209b5d982d5fdcd72021-12-22 12:43:27.695root 11241100x80000000000000004017781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe630150c8b28702021-12-22 12:43:27.695root 11241100x80000000000000004017782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e3e13c3d2264902021-12-22 12:43:27.695root 11241100x80000000000000004017783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f1c6234b80132a2021-12-22 12:43:27.695root 11241100x80000000000000004017784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91784efbebfb9c112021-12-22 12:43:27.695root 11241100x80000000000000004017785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a862eb0a7b6bc4da2021-12-22 12:43:27.695root 11241100x80000000000000004017786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cb26e90f7a06ff2021-12-22 12:43:27.695root 11241100x80000000000000004017787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ee306289f0fb212021-12-22 12:43:27.696root 11241100x80000000000000004017788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c7a59780c007032021-12-22 12:43:27.696root 11241100x80000000000000004017789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351947754678a7b92021-12-22 12:43:27.696root 11241100x80000000000000004017790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7ebe30624002612021-12-22 12:43:27.696root 11241100x80000000000000004017791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7f3005cd65c7bd2021-12-22 12:43:27.696root 11241100x80000000000000004017792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658c035e7fe72c722021-12-22 12:43:27.696root 11241100x80000000000000004017793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d18b87bfa790ef2021-12-22 12:43:27.696root 11241100x80000000000000004017794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde373bdb587a94a2021-12-22 12:43:27.696root 11241100x80000000000000004017795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d328e9ba5cfef6542021-12-22 12:43:27.696root 11241100x80000000000000004017796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6426af71a958d432021-12-22 12:43:27.697root 11241100x80000000000000004017797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcedd88c117738d2021-12-22 12:43:27.697root 11241100x80000000000000004017798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7937cec34891fe2f2021-12-22 12:43:27.697root 11241100x80000000000000004017799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf315f59242a84d2021-12-22 12:43:27.697root 11241100x80000000000000004017800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e224df54939abc2021-12-22 12:43:27.697root 11241100x80000000000000004017801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e431e5b95a2769e62021-12-22 12:43:27.697root 11241100x80000000000000004017802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a418ac8dffaf2c2021-12-22 12:43:28.193root 11241100x80000000000000004017803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca77b04164b24ac2021-12-22 12:43:28.193root 11241100x80000000000000004017804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5ea5eea6d92cba2021-12-22 12:43:28.194root 11241100x80000000000000004017805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389692cb20b75a002021-12-22 12:43:28.194root 11241100x80000000000000004017806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73bbc69f6d95ba82021-12-22 12:43:28.194root 11241100x80000000000000004017807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebeb4c788be0e9462021-12-22 12:43:28.194root 11241100x80000000000000004017808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44a8080c0d4e5b42021-12-22 12:43:28.194root 11241100x80000000000000004017809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a798f5f25533eec82021-12-22 12:43:28.194root 11241100x80000000000000004017810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c48be4b34999102021-12-22 12:43:28.194root 11241100x80000000000000004017811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ababe7704684ab2021-12-22 12:43:28.194root 11241100x80000000000000004017812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e452ef484a6c8562021-12-22 12:43:28.194root 11241100x80000000000000004017813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b36464fd50b3b502021-12-22 12:43:28.194root 11241100x80000000000000004017814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36953256d1304af2021-12-22 12:43:28.195root 11241100x80000000000000004017815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f8844dc9bfe8ee2021-12-22 12:43:28.195root 11241100x80000000000000004017816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28c5ec56898f3d82021-12-22 12:43:28.195root 11241100x80000000000000004017817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fc71bad1849f5e2021-12-22 12:43:28.195root 11241100x80000000000000004017818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238aea156c217ee12021-12-22 12:43:28.195root 11241100x80000000000000004017819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8121ee26b964db72021-12-22 12:43:28.195root 11241100x80000000000000004017820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f504f57e9d55be02021-12-22 12:43:28.195root 11241100x80000000000000004017821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a549afbfe4a414052021-12-22 12:43:28.195root 11241100x80000000000000004017822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10a4fabc73804812021-12-22 12:43:28.195root 11241100x80000000000000004017823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e51f13deca9a76d2021-12-22 12:43:28.195root 11241100x80000000000000004017824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5099aff8ea50912021-12-22 12:43:28.196root 11241100x80000000000000004017825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9225900f6b13e82021-12-22 12:43:28.196root 11241100x80000000000000004017826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68ad5522bac076a2021-12-22 12:43:28.196root 11241100x80000000000000004017827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304af2de590175762021-12-22 12:43:28.196root 11241100x80000000000000004017828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62c42447b7e71682021-12-22 12:43:28.196root 11241100x80000000000000004017829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9490c8b2e4f0062021-12-22 12:43:28.196root 11241100x80000000000000004017830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa76182002f84922021-12-22 12:43:28.196root 11241100x80000000000000004017831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2696c5da367239d2021-12-22 12:43:28.196root 11241100x80000000000000004017832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3b15c36f935f6f2021-12-22 12:43:28.197root 11241100x80000000000000004017833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dab13978821f9302021-12-22 12:43:28.197root 11241100x80000000000000004017834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0a2c8f8a4f5e832021-12-22 12:43:28.197root 11241100x80000000000000004017835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac33f719fb3b1e32021-12-22 12:43:28.693root 11241100x80000000000000004017836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a40954a0b0f4d02021-12-22 12:43:28.693root 11241100x80000000000000004017837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76298145c27b04f12021-12-22 12:43:28.693root 11241100x80000000000000004017838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a34c99179cd1a472021-12-22 12:43:28.693root 11241100x80000000000000004017839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62bded7fba5655f2021-12-22 12:43:28.693root 11241100x80000000000000004017840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3893f5cb379b504f2021-12-22 12:43:28.693root 11241100x80000000000000004017841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3368d0a6938076fa2021-12-22 12:43:28.693root 11241100x80000000000000004017842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43f6749860dd1562021-12-22 12:43:28.694root 11241100x80000000000000004017843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1063ddaa2b5c88d12021-12-22 12:43:28.694root 11241100x80000000000000004017844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed051e18b518ccb22021-12-22 12:43:28.694root 11241100x80000000000000004017845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69616c34fcae14c2021-12-22 12:43:28.694root 11241100x80000000000000004017846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a936984c09a68b82021-12-22 12:43:28.694root 11241100x80000000000000004017847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ffb45bf477374a2021-12-22 12:43:28.694root 11241100x80000000000000004017848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8e51aecce1a4cf2021-12-22 12:43:28.694root 11241100x80000000000000004017849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cd8b606e8457602021-12-22 12:43:28.695root 11241100x80000000000000004017850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec387a60476cd302021-12-22 12:43:28.695root 11241100x80000000000000004017851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7aacc71d217d2272021-12-22 12:43:28.695root 11241100x80000000000000004017852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d02fef060e1391e2021-12-22 12:43:28.695root 11241100x80000000000000004017853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9fcb9ae0b237c42021-12-22 12:43:28.695root 11241100x80000000000000004017854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c80f7e2ea849422021-12-22 12:43:28.695root 11241100x80000000000000004017855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9c8ca5435632322021-12-22 12:43:28.695root 11241100x80000000000000004017856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d422625f42ceb82d2021-12-22 12:43:28.695root 11241100x80000000000000004017857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e93b714d165b682021-12-22 12:43:28.695root 11241100x80000000000000004017858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f219d6ee8914ff2021-12-22 12:43:28.696root 11241100x80000000000000004017859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98af1063712d05d32021-12-22 12:43:28.696root 11241100x80000000000000004017860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dc04bd313ac96e2021-12-22 12:43:28.696root 11241100x80000000000000004017861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b85ec67da0078d2021-12-22 12:43:28.696root 11241100x80000000000000004017862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6cc4d674580f032021-12-22 12:43:28.696root 11241100x80000000000000004017863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbca73fb3ad915f72021-12-22 12:43:28.697root 11241100x80000000000000004017864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efc04c13e92e9d62021-12-22 12:43:28.697root 11241100x80000000000000004017865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b1bdce520a381c2021-12-22 12:43:28.697root 11241100x80000000000000004017866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93730ba48bc50d92021-12-22 12:43:28.697root 11241100x80000000000000004017867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cb2d90b7f0f6902021-12-22 12:43:28.698root 11241100x80000000000000004017868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433a53de8a6b3ee82021-12-22 12:43:28.698root 11241100x80000000000000004017869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b10a05a502b28c2021-12-22 12:43:28.698root 11241100x80000000000000004017870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ce57e95c6dd7592021-12-22 12:43:28.699root 11241100x80000000000000004017871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7679d409d39df8412021-12-22 12:43:28.699root 11241100x80000000000000004017872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef11decc65d44b42021-12-22 12:43:28.699root 11241100x80000000000000004017873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905e613b7595be662021-12-22 12:43:29.193root 11241100x80000000000000004017874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4666603dedea44072021-12-22 12:43:29.193root 11241100x80000000000000004017875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ff927a6db81a8c2021-12-22 12:43:29.194root 11241100x80000000000000004017876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e37afdf6c33fa862021-12-22 12:43:29.194root 11241100x80000000000000004017877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97943215ba55f4232021-12-22 12:43:29.194root 11241100x80000000000000004017878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e489c9ee62e456452021-12-22 12:43:29.194root 11241100x80000000000000004017879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3c2b26f5dde00d2021-12-22 12:43:29.195root 11241100x80000000000000004017880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43dae0b2fcd57fd62021-12-22 12:43:29.195root 11241100x80000000000000004017881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65e5948754d6ddf2021-12-22 12:43:29.195root 11241100x80000000000000004017882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6529f6e2a41e45ae2021-12-22 12:43:29.195root 11241100x80000000000000004017883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad20ca76239ec3492021-12-22 12:43:29.196root 11241100x80000000000000004017884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa33a00afb13f1b42021-12-22 12:43:29.196root 11241100x80000000000000004017885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a757f6034ce2e9aa2021-12-22 12:43:29.196root 11241100x80000000000000004017886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fbc900ce80fe332021-12-22 12:43:29.197root 11241100x80000000000000004017887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94045e8846060c0d2021-12-22 12:43:29.197root 11241100x80000000000000004017888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a0007f5de899ed2021-12-22 12:43:29.197root 11241100x80000000000000004017889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c5029c21461bfe2021-12-22 12:43:29.197root 11241100x80000000000000004017890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d46aecbddedb4e2021-12-22 12:43:29.198root 11241100x80000000000000004017891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22909d79a91d15f62021-12-22 12:43:29.198root 11241100x80000000000000004017892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7f9080d59432372021-12-22 12:43:29.198root 11241100x80000000000000004017893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2b3ede01fe57302021-12-22 12:43:29.198root 11241100x80000000000000004017894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40acf5daa04a540f2021-12-22 12:43:29.198root 11241100x80000000000000004017895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfed2cbf019ffa992021-12-22 12:43:29.199root 11241100x80000000000000004017896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62807c50fbba05f2021-12-22 12:43:29.199root 11241100x80000000000000004017897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af0fa22c78b1f3e2021-12-22 12:43:29.199root 11241100x80000000000000004017898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc95862c1aea250c2021-12-22 12:43:29.199root 11241100x80000000000000004017899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3789d24f586debb12021-12-22 12:43:29.199root 11241100x80000000000000004017900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6602bf08e64d34b92021-12-22 12:43:29.199root 11241100x80000000000000004017901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ac25b2342695402021-12-22 12:43:29.200root 11241100x80000000000000004017902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e246d4bc370b7b72021-12-22 12:43:29.200root 11241100x80000000000000004017903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e99895dde166d72021-12-22 12:43:29.200root 11241100x80000000000000004017904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3576a5820e4137282021-12-22 12:43:29.200root 11241100x80000000000000004017905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6dc3dcf6047d782021-12-22 12:43:29.200root 11241100x80000000000000004017906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa21c069d2c54daf2021-12-22 12:43:29.200root 11241100x80000000000000004017907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cceccdd69116ed4d2021-12-22 12:43:29.200root 11241100x80000000000000004017908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb6116f501c26a82021-12-22 12:43:29.692root 11241100x80000000000000004017909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e99aef29e028cb2021-12-22 12:43:29.693root 11241100x80000000000000004017910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db5b525321d74762021-12-22 12:43:29.693root 11241100x80000000000000004017911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5056d8d0cd203f4c2021-12-22 12:43:29.693root 11241100x80000000000000004017912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d841b7c252fdaa2021-12-22 12:43:29.693root 11241100x80000000000000004017913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbf4737679610dd2021-12-22 12:43:29.693root 11241100x80000000000000004017914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ac02e7ac73913a2021-12-22 12:43:29.693root 11241100x80000000000000004017915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2446e2fb4251192021-12-22 12:43:29.694root 11241100x80000000000000004017916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74b718c4922273a2021-12-22 12:43:29.694root 11241100x80000000000000004017917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36db114d8488593c2021-12-22 12:43:29.694root 11241100x80000000000000004017918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364dba62ac130a3a2021-12-22 12:43:29.694root 11241100x80000000000000004017919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01148e339c9aacc02021-12-22 12:43:29.694root 11241100x80000000000000004017920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12d87069858e8d22021-12-22 12:43:29.695root 11241100x80000000000000004017921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd29ff3c2f562c6f2021-12-22 12:43:29.695root 11241100x80000000000000004017922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a311119357576a2021-12-22 12:43:29.695root 11241100x80000000000000004017923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919acf97f54108b32021-12-22 12:43:29.695root 11241100x80000000000000004017924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80408ae0692d60ae2021-12-22 12:43:29.695root 11241100x80000000000000004017925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0765d1fa2a8db3082021-12-22 12:43:29.695root 11241100x80000000000000004017926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6c1283e7c6028e2021-12-22 12:43:29.696root 11241100x80000000000000004017927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09777de26c8ac1c32021-12-22 12:43:29.696root 11241100x80000000000000004017928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce267ccbdfb1fc22021-12-22 12:43:29.696root 11241100x80000000000000004017929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252e4cfdb5e9c3c22021-12-22 12:43:29.696root 11241100x80000000000000004017930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c2061592485b602021-12-22 12:43:29.696root 11241100x80000000000000004017931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61344524566053f42021-12-22 12:43:29.697root 11241100x80000000000000004017932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9f209cabd8475b2021-12-22 12:43:29.697root 11241100x80000000000000004017933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef512517fc0b3efe2021-12-22 12:43:29.697root 11241100x80000000000000004017934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d3c30130af910b2021-12-22 12:43:29.697root 11241100x80000000000000004017935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d478a9f7542710f02021-12-22 12:43:29.698root 11241100x80000000000000004017936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0234fe92b487c65d2021-12-22 12:43:29.698root 11241100x80000000000000004017937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1da9a1a7491553f2021-12-22 12:43:29.698root 11241100x80000000000000004017938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6d99a5edaf29ea2021-12-22 12:43:29.698root 11241100x80000000000000004017939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94005b8ebb5302772021-12-22 12:43:29.698root 11241100x80000000000000004017940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfd615f13af28ca2021-12-22 12:43:29.699root 11241100x80000000000000004017941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aebc603625492942021-12-22 12:43:29.699root 11241100x80000000000000004017942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f601837d89b86e2021-12-22 12:43:29.700root 11241100x80000000000000004017943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3592df193c8b782021-12-22 12:43:29.700root 11241100x80000000000000004017944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc74c1cbb6eb8442021-12-22 12:43:29.700root 11241100x80000000000000004017945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4f6728b1e3ca512021-12-22 12:43:30.193root 11241100x80000000000000004017946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6eb11d81addb79a2021-12-22 12:43:30.194root 11241100x80000000000000004017947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e98b8591f4421c52021-12-22 12:43:30.194root 11241100x80000000000000004017948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa0ef67dae1b6f22021-12-22 12:43:30.194root 11241100x80000000000000004017949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254070717bf635f82021-12-22 12:43:30.194root 11241100x80000000000000004017950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf429b329c0a8e22021-12-22 12:43:30.194root 11241100x80000000000000004017951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082425170a9d1af02021-12-22 12:43:30.195root 11241100x80000000000000004017952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ea3f48c1d5211f2021-12-22 12:43:30.195root 11241100x80000000000000004017953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfbaee1c13b68712021-12-22 12:43:30.195root 11241100x80000000000000004017954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feabc8d27229e8732021-12-22 12:43:30.195root 11241100x80000000000000004017955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948e506dcd72784b2021-12-22 12:43:30.195root 11241100x80000000000000004017956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c1af34c0a41fce2021-12-22 12:43:30.195root 11241100x80000000000000004017957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bd1edc0f21f8f32021-12-22 12:43:30.195root 11241100x80000000000000004017958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989e2d0105904dbb2021-12-22 12:43:30.196root 11241100x80000000000000004017959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094a82522d23bffa2021-12-22 12:43:30.196root 11241100x80000000000000004017960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538ab4967cee786f2021-12-22 12:43:30.196root 11241100x80000000000000004017961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abb27a3d3e0be892021-12-22 12:43:30.196root 11241100x80000000000000004017962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6156cf3024743872021-12-22 12:43:30.196root 11241100x80000000000000004017963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb380f38ba64e502021-12-22 12:43:30.196root 11241100x80000000000000004017964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9be839f7775edec2021-12-22 12:43:30.196root 11241100x80000000000000004017965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d98494ee74c36782021-12-22 12:43:30.196root 11241100x80000000000000004017966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923e74e8a46327462021-12-22 12:43:30.197root 11241100x80000000000000004017967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0f7e91fa96a0ba2021-12-22 12:43:30.197root 11241100x80000000000000004017968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4355e79ba8990712021-12-22 12:43:30.197root 11241100x80000000000000004017969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0200bff2d5baa42021-12-22 12:43:30.197root 11241100x80000000000000004017970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af2c0600c9393b72021-12-22 12:43:30.197root 11241100x80000000000000004017971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65f96647b916f9e2021-12-22 12:43:30.197root 11241100x80000000000000004017972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5f0e6e112e69932021-12-22 12:43:30.197root 11241100x80000000000000004017973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2922c1ff924611b2021-12-22 12:43:30.197root 11241100x80000000000000004017974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecf556d242bc2522021-12-22 12:43:30.197root 11241100x80000000000000004017975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fae0349255dad0e2021-12-22 12:43:30.197root 11241100x80000000000000004017976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f06174cfe61d1c12021-12-22 12:43:30.198root 11241100x80000000000000004017977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a4e215da6f744f2021-12-22 12:43:30.198root 11241100x80000000000000004017978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1a40d232505a6f2021-12-22 12:43:30.693root 11241100x80000000000000004017979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2049a5e0eb23b0d02021-12-22 12:43:30.693root 11241100x80000000000000004017980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a53f9b357fb30a2021-12-22 12:43:30.693root 11241100x80000000000000004017981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178b5cab12926d442021-12-22 12:43:30.693root 11241100x80000000000000004017982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebac210ab330569f2021-12-22 12:43:30.693root 11241100x80000000000000004017983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427ffe5db655b9ab2021-12-22 12:43:30.693root 11241100x80000000000000004017984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e08c6ffcce841d2021-12-22 12:43:30.694root 11241100x80000000000000004017985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6b54cd5290ceb52021-12-22 12:43:30.694root 11241100x80000000000000004017986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0787530a829fd9d12021-12-22 12:43:30.694root 11241100x80000000000000004017987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcbe1173be1af7e2021-12-22 12:43:30.694root 11241100x80000000000000004017988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1a41867f02bd002021-12-22 12:43:30.694root 11241100x80000000000000004017989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4d4348f1f102472021-12-22 12:43:30.694root 11241100x80000000000000004017990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b35de8d6a1c4bc2021-12-22 12:43:30.694root 11241100x80000000000000004017991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1018ffbba0a544e2021-12-22 12:43:30.695root 11241100x80000000000000004017992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242feb2ef16d8d1e2021-12-22 12:43:30.695root 11241100x80000000000000004017993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da58eb721e68de0a2021-12-22 12:43:30.695root 11241100x80000000000000004017994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b78efb5d9216cb32021-12-22 12:43:30.695root 11241100x80000000000000004017995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43f3c337c8d913c2021-12-22 12:43:30.695root 11241100x80000000000000004017996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930f1fca39e2ebe52021-12-22 12:43:30.695root 11241100x80000000000000004017997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f913d136537374d02021-12-22 12:43:30.696root 11241100x80000000000000004017998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ca1d04f4c7418f2021-12-22 12:43:30.696root 11241100x80000000000000004017999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2209284e3187045e2021-12-22 12:43:30.696root 11241100x80000000000000004018000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc5599e4560f33a2021-12-22 12:43:30.696root 11241100x80000000000000004018001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0549637cab1555c72021-12-22 12:43:30.696root 11241100x80000000000000004018002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ae6e72ec91a9f82021-12-22 12:43:30.696root 11241100x80000000000000004018003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85348e5b175f7932021-12-22 12:43:30.696root 11241100x80000000000000004018004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f699a10bf718a762021-12-22 12:43:30.696root 11241100x80000000000000004018005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b98e9217e29d1a2021-12-22 12:43:30.697root 11241100x80000000000000004018006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69088d63f70e66d52021-12-22 12:43:30.697root 11241100x80000000000000004018007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67074a6bcd4d85a2021-12-22 12:43:30.697root 11241100x80000000000000004018008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9604c38837d202592021-12-22 12:43:30.697root 11241100x80000000000000004018009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4badc2e1836a3b2021-12-22 12:43:30.697root 11241100x80000000000000004018010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccb06c4171530592021-12-22 12:43:30.697root 11241100x80000000000000004018011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8894d6a75cdb35bd2021-12-22 12:43:30.697root 11241100x80000000000000004018012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07d68cefbd238922021-12-22 12:43:30.697root 11241100x80000000000000004018013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b5656b7d83aa992021-12-22 12:43:31.193root 11241100x80000000000000004018014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d73a420c10081942021-12-22 12:43:31.193root 11241100x80000000000000004018015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc9dade43b21a462021-12-22 12:43:31.193root 11241100x80000000000000004018016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aee0831b61ddff72021-12-22 12:43:31.193root 11241100x80000000000000004018017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b2a107bf9e3af12021-12-22 12:43:31.193root 11241100x80000000000000004018018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e476a0365a7487032021-12-22 12:43:31.193root 11241100x80000000000000004018019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b38abfe6aed7682021-12-22 12:43:31.194root 11241100x80000000000000004018020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b97bf73299d1bf2021-12-22 12:43:31.194root 11241100x80000000000000004018021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4950cea4775e8a752021-12-22 12:43:31.194root 11241100x80000000000000004018022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51009bacdc10d9582021-12-22 12:43:31.194root 11241100x80000000000000004018023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6d2578bad0fdd82021-12-22 12:43:31.194root 11241100x80000000000000004018024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbeb098f47c3e752021-12-22 12:43:31.194root 11241100x80000000000000004018025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fffb306763491272021-12-22 12:43:31.195root 11241100x80000000000000004018026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fda86ebb3cce8f72021-12-22 12:43:31.195root 11241100x80000000000000004018027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d587ef4a0d6b792021-12-22 12:43:31.195root 11241100x80000000000000004018028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55dcef7f20b45b912021-12-22 12:43:31.195root 11241100x80000000000000004018029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7dadfa93809dd72021-12-22 12:43:31.195root 11241100x80000000000000004018030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f764068c5179b8182021-12-22 12:43:31.195root 11241100x80000000000000004018031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb624055a8c90ed02021-12-22 12:43:31.196root 11241100x80000000000000004018032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707fd4e6ae79f81a2021-12-22 12:43:31.196root 11241100x80000000000000004018033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f339225b30cb5ed2021-12-22 12:43:31.196root 11241100x80000000000000004018034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af94930f362d3bf62021-12-22 12:43:31.196root 11241100x80000000000000004018035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f54b3640cd6c902021-12-22 12:43:31.196root 11241100x80000000000000004018036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2682a7332642292021-12-22 12:43:31.197root 11241100x80000000000000004018037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ff035981ce9b972021-12-22 12:43:31.197root 11241100x80000000000000004018038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af2251d5260ca842021-12-22 12:43:31.197root 11241100x80000000000000004018039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84eddf5f292145622021-12-22 12:43:31.197root 11241100x80000000000000004018040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7dab85720e6d1f2021-12-22 12:43:31.197root 11241100x80000000000000004018041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60327cf9f603cdf72021-12-22 12:43:31.197root 11241100x80000000000000004018042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b9f0c6b752fad42021-12-22 12:43:31.198root 11241100x80000000000000004018043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55eeace9f7fd39212021-12-22 12:43:31.198root 11241100x80000000000000004018044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2593a8c2bac47bf32021-12-22 12:43:31.198root 11241100x80000000000000004018045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d81b8d0d614aaa2021-12-22 12:43:31.198root 11241100x80000000000000004018046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e982fbfbbf0c266e2021-12-22 12:43:31.198root 11241100x80000000000000004018047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41309af270578cf72021-12-22 12:43:31.198root 11241100x80000000000000004018048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc7ba1f24fa907f2021-12-22 12:43:31.198root 11241100x80000000000000004018049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0519415ce4d4732021-12-22 12:43:31.199root 11241100x80000000000000004018050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d510a764af785a22021-12-22 12:43:31.199root 11241100x80000000000000004018051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b1de998b48854b2021-12-22 12:43:31.199root 11241100x80000000000000004018052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ccefb67b8a5f222021-12-22 12:43:31.199root 11241100x80000000000000004018053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8257be9241290042021-12-22 12:43:31.693root 11241100x80000000000000004018054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8024edec61c929142021-12-22 12:43:31.693root 11241100x80000000000000004018055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159c44a74e9437212021-12-22 12:43:31.693root 11241100x80000000000000004018056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a8e85ab197240a2021-12-22 12:43:31.693root 11241100x80000000000000004018057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091d87dcd124d0c32021-12-22 12:43:31.694root 11241100x80000000000000004018058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5d4caa1f13c5002021-12-22 12:43:31.694root 11241100x80000000000000004018059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f010be61e83e5ecf2021-12-22 12:43:31.694root 11241100x80000000000000004018060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f15a2b3ffce33372021-12-22 12:43:31.694root 11241100x80000000000000004018061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eed792af2d3c8bb2021-12-22 12:43:31.694root 11241100x80000000000000004018062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61a5f7cc541b7d52021-12-22 12:43:31.694root 11241100x80000000000000004018063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949d38730c3312822021-12-22 12:43:31.694root 11241100x80000000000000004018064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e049d08642155042021-12-22 12:43:31.694root 11241100x80000000000000004018065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce4b81b3b636a652021-12-22 12:43:31.695root 11241100x80000000000000004018066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dc2ebf78b5a8032021-12-22 12:43:31.695root 11241100x80000000000000004018067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722b58d09b822b262021-12-22 12:43:31.695root 11241100x80000000000000004018068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ec0b679f8fdc7c2021-12-22 12:43:31.695root 11241100x80000000000000004018069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c148b33dcb1f0d2021-12-22 12:43:31.695root 11241100x80000000000000004018070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06243a1e575cdcb82021-12-22 12:43:31.695root 11241100x80000000000000004018071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c563ddc98f9de772021-12-22 12:43:31.695root 11241100x80000000000000004018072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f4ee671fdbf7762021-12-22 12:43:31.695root 11241100x80000000000000004018073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe374770385e41632021-12-22 12:43:31.695root 11241100x80000000000000004018074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0526e0b2e459302021-12-22 12:43:31.696root 11241100x80000000000000004018075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2bbc2fb2d917802021-12-22 12:43:31.696root 11241100x80000000000000004018076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a1856c7fa51d892021-12-22 12:43:31.696root 11241100x80000000000000004018077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdd05a61c1f811f2021-12-22 12:43:31.696root 11241100x80000000000000004018078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed76d3de36caa702021-12-22 12:43:31.696root 11241100x80000000000000004018079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cf08515f211c362021-12-22 12:43:31.696root 11241100x80000000000000004018080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe6ba10f8b25f7d2021-12-22 12:43:31.696root 11241100x80000000000000004018081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265f0f341b6d23022021-12-22 12:43:31.696root 11241100x80000000000000004018082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcef2922a7325682021-12-22 12:43:31.696root 11241100x80000000000000004018083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fab9f560d2aa862021-12-22 12:43:31.697root 11241100x80000000000000004018084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0316fadc35d816fe2021-12-22 12:43:31.697root 11241100x80000000000000004018085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18691d9d43779d212021-12-22 12:43:31.697root 11241100x80000000000000004018086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732324292d2a63742021-12-22 12:43:31.697root 11241100x80000000000000004018087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deed3c5dbfcf1dee2021-12-22 12:43:31.697root 11241100x80000000000000004018088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10c42c19f4375392021-12-22 12:43:31.697root 11241100x80000000000000004018089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7e3aa2119fbd2d2021-12-22 12:43:31.697root 11241100x80000000000000004018090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551a88b2c6e833bf2021-12-22 12:43:31.698root 11241100x80000000000000004018091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859b69a9a8941ca82021-12-22 12:43:31.698root 11241100x80000000000000004018092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f07f8656b7825b2021-12-22 12:43:31.698root 11241100x80000000000000004018093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fcbbe11516be402021-12-22 12:43:31.698root 11241100x80000000000000004018094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572d927466de28192021-12-22 12:43:32.193root 11241100x80000000000000004018095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9b5ecc2df911052021-12-22 12:43:32.193root 11241100x80000000000000004018096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7255b0ddfecc4e692021-12-22 12:43:32.194root 11241100x80000000000000004018097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d42b762ea5f22982021-12-22 12:43:32.194root 11241100x80000000000000004018098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4abb107720fdd92021-12-22 12:43:32.194root 11241100x80000000000000004018099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d482573409d1fa2021-12-22 12:43:32.194root 11241100x80000000000000004018100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795225573b3bf0392021-12-22 12:43:32.194root 11241100x80000000000000004018101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb04a980acb45f7c2021-12-22 12:43:32.194root 11241100x80000000000000004018102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3787cf307cd182de2021-12-22 12:43:32.194root 11241100x80000000000000004018103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd55ceec8e209f5c2021-12-22 12:43:32.194root 11241100x80000000000000004018104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef6b375d68a998c2021-12-22 12:43:32.195root 11241100x80000000000000004018105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d5c4ee51f1828d2021-12-22 12:43:32.195root 11241100x80000000000000004018106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2677f4d369a7d4692021-12-22 12:43:32.195root 11241100x80000000000000004018107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7be0b841e8ef2372021-12-22 12:43:32.195root 11241100x80000000000000004018108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37105a9adecdc6122021-12-22 12:43:32.195root 11241100x80000000000000004018109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0544ad5d9cefb492021-12-22 12:43:32.195root 11241100x80000000000000004018110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5e65a4146c78ea2021-12-22 12:43:32.195root 11241100x80000000000000004018111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a154e27d73376f2021-12-22 12:43:32.195root 11241100x80000000000000004018112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b820d0857848b3c2021-12-22 12:43:32.196root 11241100x80000000000000004018113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7804273d676635b92021-12-22 12:43:32.196root 11241100x80000000000000004018114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ddb3b80e15abc022021-12-22 12:43:32.196root 11241100x80000000000000004018115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767c55343bdc01d52021-12-22 12:43:32.196root 11241100x80000000000000004018116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7280fa78382f36322021-12-22 12:43:32.196root 11241100x80000000000000004018117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7eaff3307678be2021-12-22 12:43:32.196root 11241100x80000000000000004018118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3f6ee798a8548b2021-12-22 12:43:32.196root 11241100x80000000000000004018119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1891ea9e445bc3ad2021-12-22 12:43:32.196root 11241100x80000000000000004018120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a806b466b6ce50022021-12-22 12:43:32.196root 11241100x80000000000000004018121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1e011c5d3931172021-12-22 12:43:32.196root 11241100x80000000000000004018122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897796330dbfe96b2021-12-22 12:43:32.197root 11241100x80000000000000004018123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4e6743b4e65e422021-12-22 12:43:32.197root 11241100x80000000000000004018124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df386a6b779b7df2021-12-22 12:43:32.197root 11241100x80000000000000004018125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ad969aaf7e47df2021-12-22 12:43:32.197root 11241100x80000000000000004018126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dd26d6bb294f732021-12-22 12:43:32.197root 11241100x80000000000000004018127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e914db0e7e6e5d2021-12-22 12:43:32.693root 11241100x80000000000000004018128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c169ebe7096e6c2021-12-22 12:43:32.693root 11241100x80000000000000004018129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559ac4312215c6ac2021-12-22 12:43:32.693root 11241100x80000000000000004018130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58bc182f8085bdb2021-12-22 12:43:32.694root 11241100x80000000000000004018131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763094e296461d1b2021-12-22 12:43:32.694root 11241100x80000000000000004018132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b9d537eb8b0b692021-12-22 12:43:32.694root 11241100x80000000000000004018133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6306d40a7d0f7ebf2021-12-22 12:43:32.694root 11241100x80000000000000004018134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef29777d0b0351062021-12-22 12:43:32.694root 11241100x80000000000000004018135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882cfcdb3db931f42021-12-22 12:43:32.694root 11241100x80000000000000004018136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905ad3d7061e13fd2021-12-22 12:43:32.694root 11241100x80000000000000004018137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0cf928727d55072021-12-22 12:43:32.695root 11241100x80000000000000004018138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2986d82ff1d4233d2021-12-22 12:43:32.695root 11241100x80000000000000004018139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8727acd4e6fb6dbf2021-12-22 12:43:32.695root 11241100x80000000000000004018140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2383201b933b3e3e2021-12-22 12:43:32.695root 11241100x80000000000000004018141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe356741bef74d102021-12-22 12:43:32.695root 11241100x80000000000000004018142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61234e8daf103faa2021-12-22 12:43:32.695root 11241100x80000000000000004018143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c38ecf78b548f92021-12-22 12:43:32.695root 11241100x80000000000000004018144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60dd070dbf69deb62021-12-22 12:43:32.695root 11241100x80000000000000004018145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07f4f9caa196e842021-12-22 12:43:32.695root 11241100x80000000000000004018146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbbeca03c2b4cd52021-12-22 12:43:32.695root 11241100x80000000000000004018147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c759a8f0053f01d52021-12-22 12:43:32.696root 11241100x80000000000000004018148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd8d50d991b7b9d2021-12-22 12:43:32.696root 11241100x80000000000000004018149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c965c2b19b81212021-12-22 12:43:32.696root 11241100x80000000000000004018150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc340675b02f8512021-12-22 12:43:32.696root 11241100x80000000000000004018151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6aa749b77b708f2021-12-22 12:43:32.696root 11241100x80000000000000004018152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997a48def90326c02021-12-22 12:43:32.696root 11241100x80000000000000004018153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cd036e8f5524782021-12-22 12:43:32.696root 11241100x80000000000000004018154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77919e647a7298462021-12-22 12:43:32.696root 11241100x80000000000000004018155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3eeb317fb8ab8b2021-12-22 12:43:32.697root 11241100x80000000000000004018156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20052a380dd843732021-12-22 12:43:32.697root 11241100x80000000000000004018157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed15ab18ac103c4f2021-12-22 12:43:32.697root 11241100x80000000000000004018158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cba8d33715b3c842021-12-22 12:43:32.697root 11241100x80000000000000004018159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b284878894af2462021-12-22 12:43:32.697root 11241100x80000000000000004018160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b184bf59c3ad38262021-12-22 12:43:32.698root 11241100x80000000000000004018161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ca89e04ddf338e2021-12-22 12:43:32.698root 11241100x80000000000000004018162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b756c4a7b534372021-12-22 12:43:32.698root 11241100x80000000000000004018163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852784d071cee8462021-12-22 12:43:32.698root 11241100x80000000000000004018164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59f1222e639dd9f2021-12-22 12:43:32.698root 11241100x80000000000000004018165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb56c6ddd7bd1d72021-12-22 12:43:32.699root 354300x80000000000000004018166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.048{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56816-false10.0.1.12-8000- 11241100x80000000000000004018167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d514510fd945a42021-12-22 12:43:33.049root 11241100x80000000000000004018168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f869bb5e1f8a0f2021-12-22 12:43:33.049root 11241100x80000000000000004018169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e8d0bb39d595322021-12-22 12:43:33.049root 11241100x80000000000000004018170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5284da0251edd6852021-12-22 12:43:33.049root 11241100x80000000000000004018171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108d7902b3ef2a1f2021-12-22 12:43:33.049root 11241100x80000000000000004018172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2170b97479e16242021-12-22 12:43:33.049root 11241100x80000000000000004018173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bde5c84128ae79c2021-12-22 12:43:33.049root 11241100x80000000000000004018174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6df78b04a9a9ae2021-12-22 12:43:33.050root 11241100x80000000000000004018175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607540065444b17e2021-12-22 12:43:33.050root 11241100x80000000000000004018176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed87736fcaaf90672021-12-22 12:43:33.050root 11241100x80000000000000004018177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723e9093272018d02021-12-22 12:43:33.050root 11241100x80000000000000004018178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94ae1d5ddc879572021-12-22 12:43:33.050root 11241100x80000000000000004018179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71a2d9bd2c144852021-12-22 12:43:33.050root 11241100x80000000000000004018180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9882f9860113512021-12-22 12:43:33.050root 11241100x80000000000000004018181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ecbf93657c190c2021-12-22 12:43:33.051root 11241100x80000000000000004018182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bf3f95321896622021-12-22 12:43:33.051root 11241100x80000000000000004018183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c0c73aa56caf082021-12-22 12:43:33.051root 11241100x80000000000000004018184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7faef7583df0f3112021-12-22 12:43:33.051root 11241100x80000000000000004018185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2507b555f7c3a02021-12-22 12:43:33.051root 11241100x80000000000000004018186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006fd49f81c6f46e2021-12-22 12:43:33.052root 11241100x80000000000000004018187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf08852536fda912021-12-22 12:43:33.052root 11241100x80000000000000004018188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1d191c1b435b612021-12-22 12:43:33.052root 11241100x80000000000000004018189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f843df51311d65c2021-12-22 12:43:33.052root 11241100x80000000000000004018190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc00032d4d91c392021-12-22 12:43:33.052root 11241100x80000000000000004018191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0155d55886de162021-12-22 12:43:33.052root 11241100x80000000000000004018192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0dc3ec60475d5e42021-12-22 12:43:33.052root 11241100x80000000000000004018193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d3df9f87867be02021-12-22 12:43:33.053root 11241100x80000000000000004018194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e19a0b1dbbc2aad2021-12-22 12:43:33.053root 11241100x80000000000000004018195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d7880ec548679d2021-12-22 12:43:33.053root 11241100x80000000000000004018196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ade3038385ef992021-12-22 12:43:33.053root 11241100x80000000000000004018197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c3ab92506aade82021-12-22 12:43:33.053root 11241100x80000000000000004018198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f526af1a7b812e2021-12-22 12:43:33.053root 11241100x80000000000000004018199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe006fd642fa7d02021-12-22 12:43:33.053root 11241100x80000000000000004018200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93fcf7af35ba87a2021-12-22 12:43:33.053root 11241100x80000000000000004018201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.054{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8daf28d1c0563de2021-12-22 12:43:33.054root 11241100x80000000000000004018202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.054{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1281de16351b3d6d2021-12-22 12:43:33.054root 11241100x80000000000000004018203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.054{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5c98d1b4a77a432021-12-22 12:43:33.054root 11241100x80000000000000004018204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.054{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc6d9ecbe7bccd62021-12-22 12:43:33.054root 11241100x80000000000000004018205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.054{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b971f3a1520a1a372021-12-22 12:43:33.054root 11241100x80000000000000004018206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842fa11189577a9e2021-12-22 12:43:33.055root 11241100x80000000000000004018207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9abc2b8d0d9e232021-12-22 12:43:33.055root 11241100x80000000000000004018208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d2d06837d9f53f2021-12-22 12:43:33.055root 11241100x80000000000000004018209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25999dffa428fa3a2021-12-22 12:43:33.055root 11241100x80000000000000004018210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94938fff7d78787b2021-12-22 12:43:33.055root 11241100x80000000000000004018211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c75272c6942c762021-12-22 12:43:33.055root 11241100x80000000000000004018212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafa17a61cfc689c2021-12-22 12:43:33.056root 11241100x80000000000000004018213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.124{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 12:43:33.124root 11241100x80000000000000004018214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4484d309cb528eb22021-12-22 12:43:33.443root 11241100x80000000000000004018215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fef4e8f9eaad2e2021-12-22 12:43:33.443root 11241100x80000000000000004018216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad714b6ee9de6d9e2021-12-22 12:43:33.443root 11241100x80000000000000004018217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f7f57448c8822b2021-12-22 12:43:33.443root 11241100x80000000000000004018218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d0cf75b0dfb0d92021-12-22 12:43:33.443root 11241100x80000000000000004018219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8a1019332a64e62021-12-22 12:43:33.443root 11241100x80000000000000004018220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b39419af7decbc2021-12-22 12:43:33.443root 11241100x80000000000000004018221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064ccb72634dde8e2021-12-22 12:43:33.444root 11241100x80000000000000004018222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e942c672358f0232021-12-22 12:43:33.444root 11241100x80000000000000004018223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092a9bb8717bcb5f2021-12-22 12:43:33.444root 11241100x80000000000000004018224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e959296855d09d702021-12-22 12:43:33.444root 11241100x80000000000000004018225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f585f3f23023a382021-12-22 12:43:33.444root 11241100x80000000000000004018226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab0b268edc86fdd2021-12-22 12:43:33.445root 11241100x80000000000000004018227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154808db74576e472021-12-22 12:43:33.445root 11241100x80000000000000004018228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706021fc67ed51672021-12-22 12:43:33.445root 11241100x80000000000000004018229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c59d5b147d61812021-12-22 12:43:33.445root 11241100x80000000000000004018230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee74f22c37370aa42021-12-22 12:43:33.445root 11241100x80000000000000004018231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb7ab7ec3c8ab652021-12-22 12:43:33.446root 11241100x80000000000000004018232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1881bc822f3cf6202021-12-22 12:43:33.446root 11241100x80000000000000004018233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c738ae4169d2dfda2021-12-22 12:43:33.446root 11241100x80000000000000004018234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181711f72758ce422021-12-22 12:43:33.446root 11241100x80000000000000004018235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c00a87a7a9ccd42021-12-22 12:43:33.447root 11241100x80000000000000004018236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075e83196bc9ac702021-12-22 12:43:33.447root 11241100x80000000000000004018237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff150f0ba1c44e52021-12-22 12:43:33.447root 11241100x80000000000000004018238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad088a60cb8a4752021-12-22 12:43:33.447root 11241100x80000000000000004018239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe5b1072abcd9f22021-12-22 12:43:33.447root 11241100x80000000000000004018240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370060ce88628afa2021-12-22 12:43:33.448root 11241100x80000000000000004018241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8d220659f62bb52021-12-22 12:43:33.448root 11241100x80000000000000004018242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f4c5133bfcda632021-12-22 12:43:33.448root 11241100x80000000000000004018243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8388479bcd8fb2c72021-12-22 12:43:33.448root 11241100x80000000000000004018244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64311c0cc50445b12021-12-22 12:43:33.449root 11241100x80000000000000004018245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332ce52413356c152021-12-22 12:43:33.449root 11241100x80000000000000004018246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8eecc41bae6703f2021-12-22 12:43:33.449root 11241100x80000000000000004018247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc11e0e0a4ef1b32021-12-22 12:43:33.449root 11241100x80000000000000004018248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0d20f7434508a32021-12-22 12:43:33.450root 11241100x80000000000000004018249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09dda47fbed744a32021-12-22 12:43:33.450root 11241100x80000000000000004018250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f07029796e3c9db2021-12-22 12:43:33.450root 11241100x80000000000000004018251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c39c617f4c8b012021-12-22 12:43:33.450root 11241100x80000000000000004018252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8108cdc4df8cddaf2021-12-22 12:43:33.450root 11241100x80000000000000004018253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0427217c91751f8e2021-12-22 12:43:33.943root 11241100x80000000000000004018254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c1b9feabe6b17c2021-12-22 12:43:33.943root 11241100x80000000000000004018255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336b1e5e5b2850e92021-12-22 12:43:33.944root 11241100x80000000000000004018256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbb99b8b3d5436c2021-12-22 12:43:33.944root 11241100x80000000000000004018257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec4e65c86cc88312021-12-22 12:43:33.944root 11241100x80000000000000004018258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a03fde6437c97252021-12-22 12:43:33.945root 11241100x80000000000000004018259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b27f6e6c132aae2021-12-22 12:43:33.945root 11241100x80000000000000004018260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65727954fd5c08cc2021-12-22 12:43:33.945root 11241100x80000000000000004018261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e645c1c2b2df6b792021-12-22 12:43:33.945root 11241100x80000000000000004018262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3561b13ce696d8162021-12-22 12:43:33.945root 11241100x80000000000000004018263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b921e1dc923b63ab2021-12-22 12:43:33.945root 11241100x80000000000000004018264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8280ca5d8e14a802021-12-22 12:43:33.945root 11241100x80000000000000004018265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3ece5bc7fa29d12021-12-22 12:43:33.946root 11241100x80000000000000004018266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7dd5584cc4b19f2021-12-22 12:43:33.946root 11241100x80000000000000004018267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3872fd465ea164d2021-12-22 12:43:33.946root 11241100x80000000000000004018268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3b7023ddfb07572021-12-22 12:43:33.946root 11241100x80000000000000004018269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745d92ca68a33c502021-12-22 12:43:33.946root 11241100x80000000000000004018270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1aa703080a114e2021-12-22 12:43:33.946root 11241100x80000000000000004018271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b49c210b7564e42021-12-22 12:43:33.946root 11241100x80000000000000004018272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8176fd9916c90d2021-12-22 12:43:33.947root 11241100x80000000000000004018273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6af01927fb762572021-12-22 12:43:33.947root 11241100x80000000000000004018274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790915b6202f1aec2021-12-22 12:43:33.947root 11241100x80000000000000004018275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d361601574c3562021-12-22 12:43:33.947root 11241100x80000000000000004018276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c60c4c4ba4a9682021-12-22 12:43:33.947root 11241100x80000000000000004018277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb3786828ba1d4c2021-12-22 12:43:33.947root 11241100x80000000000000004018278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c51923b47f345582021-12-22 12:43:33.948root 11241100x80000000000000004018279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4704768bb12278852021-12-22 12:43:33.948root 11241100x80000000000000004018280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688a729c9336b3f52021-12-22 12:43:33.948root 11241100x80000000000000004018281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b812dc8fe016f9662021-12-22 12:43:33.948root 11241100x80000000000000004018282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce68019b0a9ec382021-12-22 12:43:33.948root 11241100x80000000000000004018283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85edaa8e0aae99eb2021-12-22 12:43:33.948root 11241100x80000000000000004018284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee24789defed6f42021-12-22 12:43:33.948root 11241100x80000000000000004018285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aadec15995c18122021-12-22 12:43:33.949root 11241100x80000000000000004018286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2676d7dcc860f182021-12-22 12:43:33.949root 11241100x80000000000000004018287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb4204f2b97d8ea2021-12-22 12:43:33.949root 354300x80000000000000004018288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.293{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-43882-false10.0.1.12-8089- 11241100x80000000000000004018289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c79818d039e645f2021-12-22 12:43:34.294root 11241100x80000000000000004018290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4930e2da715c252021-12-22 12:43:34.294root 11241100x80000000000000004018291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d445bcbc25721d402021-12-22 12:43:34.294root 11241100x80000000000000004018292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cd5cde9c54171b2021-12-22 12:43:34.294root 11241100x80000000000000004018293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53eac5924b7b550f2021-12-22 12:43:34.294root 11241100x80000000000000004018294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a45a3ba97eea56e2021-12-22 12:43:34.294root 11241100x80000000000000004018295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9560beb2179c13162021-12-22 12:43:34.294root 11241100x80000000000000004018296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0744b65b0d6a1a2021-12-22 12:43:34.294root 11241100x80000000000000004018297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10e31e7342dc1342021-12-22 12:43:34.294root 11241100x80000000000000004018298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734845c3a39b22ca2021-12-22 12:43:34.294root 11241100x80000000000000004018299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faece57cbadb1ba52021-12-22 12:43:34.295root 11241100x80000000000000004018300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c644de841ad1af2021-12-22 12:43:34.295root 11241100x80000000000000004018301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c97f7ecdbc0ee72021-12-22 12:43:34.295root 11241100x80000000000000004018302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f4058dbcfe7e482021-12-22 12:43:34.295root 11241100x80000000000000004018303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faac88aa75a578362021-12-22 12:43:34.295root 11241100x80000000000000004018304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396bbebe4b3033602021-12-22 12:43:34.295root 11241100x80000000000000004018305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcddb1dcc37242b62021-12-22 12:43:34.295root 11241100x80000000000000004018306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3cfd7d692479722021-12-22 12:43:34.295root 11241100x80000000000000004018307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82f5af7053f12912021-12-22 12:43:34.295root 11241100x80000000000000004018308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91e6a01ec19b27d2021-12-22 12:43:34.295root 11241100x80000000000000004018309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec0a71a599b49e22021-12-22 12:43:34.295root 11241100x80000000000000004018310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ac247eadf218902021-12-22 12:43:34.295root 11241100x80000000000000004018311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c5d35ede4ed8fb2021-12-22 12:43:34.295root 11241100x80000000000000004018312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582b468ee835aaf42021-12-22 12:43:34.296root 11241100x80000000000000004018313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb8a482b629b7fb2021-12-22 12:43:34.296root 11241100x80000000000000004018314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aaf225706355b232021-12-22 12:43:34.296root 11241100x80000000000000004018315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48b5c4f55a5308e2021-12-22 12:43:34.296root 11241100x80000000000000004018316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762f1aa0231e7e502021-12-22 12:43:34.296root 11241100x80000000000000004018317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0feadd03b9738392021-12-22 12:43:34.296root 11241100x80000000000000004018318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34236561dc6765532021-12-22 12:43:34.296root 11241100x80000000000000004018319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b4b554cf06ba292021-12-22 12:43:34.296root 11241100x80000000000000004018320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b3f5a6af693e3b2021-12-22 12:43:34.296root 11241100x80000000000000004018321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a7f687a2d38c9e2021-12-22 12:43:34.296root 11241100x80000000000000004018322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1ed955215908b72021-12-22 12:43:34.296root 11241100x80000000000000004018323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efa597c283687612021-12-22 12:43:34.296root 11241100x80000000000000004018324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941b67d8322391952021-12-22 12:43:34.297root 11241100x80000000000000004018325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd50fa116b6fa6b2021-12-22 12:43:34.297root 11241100x80000000000000004018326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b93c7186e65af72021-12-22 12:43:34.297root 11241100x80000000000000004018327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7c57119a3665362021-12-22 12:43:34.297root 11241100x80000000000000004018328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b6f7163b6617fa2021-12-22 12:43:34.297root 11241100x80000000000000004018329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6d8a5927841e722021-12-22 12:43:34.297root 11241100x80000000000000004018330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738837c03470b3322021-12-22 12:43:34.297root 11241100x80000000000000004018331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fdc57a8eddb7bb2021-12-22 12:43:34.297root 11241100x80000000000000004018332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bf9f342799f36d2021-12-22 12:43:34.297root 11241100x80000000000000004018333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c91e96f6395dba2021-12-22 12:43:34.297root 11241100x80000000000000004018334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5730ddb719d9972021-12-22 12:43:34.297root 11241100x80000000000000004018335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d133350aacbe3f2021-12-22 12:43:34.297root 11241100x80000000000000004018336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bc937151f46fc12021-12-22 12:43:34.297root 11241100x80000000000000004018337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d43862810a852062021-12-22 12:43:34.297root 11241100x80000000000000004018338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6211ebeb98c8ac2021-12-22 12:43:34.297root 11241100x80000000000000004018339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d1cf6348cd9b002021-12-22 12:43:34.297root 11241100x80000000000000004018340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.298{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a1f37d44ef85dd2021-12-22 12:43:34.298root 11241100x80000000000000004018341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.298{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c4ef75b10a588a2021-12-22 12:43:34.298root 11241100x80000000000000004018342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30b83969c0f7f722021-12-22 12:43:34.299root 11241100x80000000000000004018343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d16d4aa1fa50372021-12-22 12:43:34.299root 11241100x80000000000000004018344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0837976d613fc9a2021-12-22 12:43:34.299root 11241100x80000000000000004018345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a428110ab92b0a52021-12-22 12:43:34.299root 11241100x80000000000000004018346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02abc6988fc2391e2021-12-22 12:43:34.299root 11241100x80000000000000004018347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e7d09dfe02d90d2021-12-22 12:43:34.299root 11241100x80000000000000004018348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9be88944b83ded2021-12-22 12:43:34.300root 11241100x80000000000000004018349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bb95115fa366b52021-12-22 12:43:34.300root 11241100x80000000000000004018350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dca812126bbb8c32021-12-22 12:43:34.300root 11241100x80000000000000004018351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6cf5a72eb6c51d2021-12-22 12:43:34.300root 11241100x80000000000000004018352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0ce3b93d11dcc62021-12-22 12:43:34.300root 11241100x80000000000000004018353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3cce6965926e3c2021-12-22 12:43:34.300root 11241100x80000000000000004018354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2d2141ecca6df22021-12-22 12:43:34.300root 11241100x80000000000000004018355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5f5e18d7bea1562021-12-22 12:43:34.300root 11241100x80000000000000004018356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f16dc96a911f31e2021-12-22 12:43:34.300root 11241100x80000000000000004018357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96be1619f76bfeae2021-12-22 12:43:34.300root 11241100x80000000000000004018358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189be8218c854ba92021-12-22 12:43:34.300root 11241100x80000000000000004018359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c05d030d135b4892021-12-22 12:43:34.300root 11241100x80000000000000004018360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5befb7c620526d632021-12-22 12:43:34.301root 11241100x80000000000000004018361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4021849c05b510ee2021-12-22 12:43:34.301root 11241100x80000000000000004018362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28af2b65d42527e32021-12-22 12:43:34.301root 11241100x80000000000000004018363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bae73d971c5a3cf2021-12-22 12:43:34.301root 11241100x80000000000000004018364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444a5a0567f1a2ff2021-12-22 12:43:34.301root 11241100x80000000000000004018365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce06376c44a81cf72021-12-22 12:43:34.301root 11241100x80000000000000004018366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145eb2463baa8b1a2021-12-22 12:43:34.302root 11241100x80000000000000004018367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db121865eaa5f632021-12-22 12:43:34.303root 11241100x80000000000000004018368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063f4d6f62a311c02021-12-22 12:43:34.303root 11241100x80000000000000004018369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dd5f60647a71982021-12-22 12:43:34.303root 11241100x80000000000000004018370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8bc1be228f24952021-12-22 12:43:34.303root 11241100x80000000000000004018371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c2c6e55c52ab612021-12-22 12:43:34.303root 11241100x80000000000000004018372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f4cb16580dd4f72021-12-22 12:43:34.303root 11241100x80000000000000004018373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1182dd06a3349cb72021-12-22 12:43:34.303root 11241100x80000000000000004018374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f3f13fdb536f942021-12-22 12:43:34.303root 11241100x80000000000000004018375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08dac823c25404c2021-12-22 12:43:34.692root 11241100x80000000000000004018376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3547c00deefd36a62021-12-22 12:43:34.693root 11241100x80000000000000004018377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293dc4dc576a38ca2021-12-22 12:43:34.693root 11241100x80000000000000004018378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4bc00f49c589cf2021-12-22 12:43:34.693root 11241100x80000000000000004018379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d18c87090357e92021-12-22 12:43:34.694root 11241100x80000000000000004018380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9ecc830c3f0d852021-12-22 12:43:34.694root 11241100x80000000000000004018381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23126a2d6b3c3eac2021-12-22 12:43:34.694root 11241100x80000000000000004018382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0c6ce6557a03de2021-12-22 12:43:34.694root 11241100x80000000000000004018383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0de24397caf9012021-12-22 12:43:34.694root 11241100x80000000000000004018384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9845055101bee5c62021-12-22 12:43:34.695root 11241100x80000000000000004018385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cdb56cf1098a1e22021-12-22 12:43:34.695root 11241100x80000000000000004018386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9469ea1b5c32d94f2021-12-22 12:43:34.695root 11241100x80000000000000004018387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf12a4c0eb0161952021-12-22 12:43:34.696root 11241100x80000000000000004018388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0acdbe1c36748bd2021-12-22 12:43:34.696root 11241100x80000000000000004018389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001f3ee5de4b620a2021-12-22 12:43:34.696root 11241100x80000000000000004018390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9dd04abcd6ae9332021-12-22 12:43:34.696root 11241100x80000000000000004018391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86eae9634d10790a2021-12-22 12:43:34.697root 11241100x80000000000000004018392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9f608c994f9e102021-12-22 12:43:34.697root 11241100x80000000000000004018393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092d9cbb8462983d2021-12-22 12:43:34.697root 11241100x80000000000000004018394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cdae5f463e97c72021-12-22 12:43:34.697root 11241100x80000000000000004018395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f95732cd45aa982021-12-22 12:43:34.698root 11241100x80000000000000004018396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db4330aaad179c72021-12-22 12:43:34.698root 11241100x80000000000000004018397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ca3d9ddbd8a3402021-12-22 12:43:34.698root 11241100x80000000000000004018398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcbe22d4ff37b372021-12-22 12:43:34.698root 11241100x80000000000000004018399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e608f74af9f5632021-12-22 12:43:34.699root 11241100x80000000000000004018400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ebd8f6c1b4017e2021-12-22 12:43:34.699root 11241100x80000000000000004018401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725825f07440ab232021-12-22 12:43:34.699root 11241100x80000000000000004018402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafedbf13b9b1f342021-12-22 12:43:34.699root 11241100x80000000000000004018403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e626c967d48e57f82021-12-22 12:43:34.700root 11241100x80000000000000004018404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6df6c2ee53bf5342021-12-22 12:43:34.700root 11241100x80000000000000004018405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a40811027217dd32021-12-22 12:43:34.700root 11241100x80000000000000004018406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bafa52014a6871d2021-12-22 12:43:34.700root 11241100x80000000000000004018407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096da4e9fce2fc1b2021-12-22 12:43:34.700root 11241100x80000000000000004018408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effe81ba699b76472021-12-22 12:43:34.700root 11241100x80000000000000004018409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d50077383fa0552021-12-22 12:43:34.700root 11241100x80000000000000004018410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a92670820dcc93a2021-12-22 12:43:34.700root 11241100x80000000000000004018411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ad9cf39db2d0be2021-12-22 12:43:34.700root 11241100x80000000000000004018412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c812b1d466c42def2021-12-22 12:43:34.701root 11241100x80000000000000004018413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00b4dd9ed1df0312021-12-22 12:43:34.701root 11241100x80000000000000004018414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58952d779cac0a2e2021-12-22 12:43:34.701root 11241100x80000000000000004018415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03ba3dd5c09cc5e2021-12-22 12:43:34.701root 11241100x80000000000000004018416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a159e04997a7c62021-12-22 12:43:34.701root 11241100x80000000000000004018417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02aef51b6f6ed332021-12-22 12:43:34.701root 11241100x80000000000000004018418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa340b499481d59b2021-12-22 12:43:35.193root 11241100x80000000000000004018419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b7e2d4303d0fb62021-12-22 12:43:35.193root 11241100x80000000000000004018420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0202969eec1991322021-12-22 12:43:35.193root 11241100x80000000000000004018421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ef6bffbe8f31552021-12-22 12:43:35.193root 11241100x80000000000000004018422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a0b2751973acab2021-12-22 12:43:35.194root 11241100x80000000000000004018423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7e0c0f2093f63e2021-12-22 12:43:35.194root 11241100x80000000000000004018424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645de171c3b5ec852021-12-22 12:43:35.194root 11241100x80000000000000004018425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7280975a55bc0b1a2021-12-22 12:43:35.194root 11241100x80000000000000004018426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d20916b940f30722021-12-22 12:43:35.194root 11241100x80000000000000004018427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca084df455f62e52021-12-22 12:43:35.194root 11241100x80000000000000004018428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cc391caf70da1a2021-12-22 12:43:35.194root 11241100x80000000000000004018429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0d714565c69a1b2021-12-22 12:43:35.194root 11241100x80000000000000004018430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45d6f61889fe7cc2021-12-22 12:43:35.194root 11241100x80000000000000004018431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2c6577a25f33ad2021-12-22 12:43:35.195root 11241100x80000000000000004018432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33cec9ca10a885c2021-12-22 12:43:35.195root 11241100x80000000000000004018433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41866bd59040174b2021-12-22 12:43:35.195root 11241100x80000000000000004018434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a81e7b157dcbf062021-12-22 12:43:35.195root 11241100x80000000000000004018435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ae0631f091bc572021-12-22 12:43:35.195root 11241100x80000000000000004018436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8fdd984e1390c52021-12-22 12:43:35.195root 11241100x80000000000000004018437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6066d75253d6a32021-12-22 12:43:35.196root 11241100x80000000000000004018438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60333c5178d6db732021-12-22 12:43:35.196root 11241100x80000000000000004018439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708be887ee0f5e2a2021-12-22 12:43:35.196root 11241100x80000000000000004018440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6572294d5ca3e13b2021-12-22 12:43:35.196root 11241100x80000000000000004018441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deeef0b304326e7a2021-12-22 12:43:35.196root 11241100x80000000000000004018442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a474fdc1b5d7e30f2021-12-22 12:43:35.196root 11241100x80000000000000004018443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14db8b3106395ce2021-12-22 12:43:35.197root 11241100x80000000000000004018444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b80a5db2e29b022021-12-22 12:43:35.197root 11241100x80000000000000004018445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fceaf71ec1e69ac02021-12-22 12:43:35.197root 11241100x80000000000000004018446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91f160b023f74f02021-12-22 12:43:35.198root 11241100x80000000000000004018447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af525a44e1818bac2021-12-22 12:43:35.198root 11241100x80000000000000004018448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb1bf2af3229bc92021-12-22 12:43:35.198root 11241100x80000000000000004018449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703e4d14076517542021-12-22 12:43:35.198root 11241100x80000000000000004018450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd36021bef1958452021-12-22 12:43:35.198root 11241100x80000000000000004018451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609397258fb486642021-12-22 12:43:35.198root 11241100x80000000000000004018452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a13c5a9635c35c2021-12-22 12:43:35.199root 11241100x80000000000000004018453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8915d2a41c531b852021-12-22 12:43:35.199root 11241100x80000000000000004018454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4259be029a5b67d2021-12-22 12:43:35.693root 11241100x80000000000000004018455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360efaf9c07088cf2021-12-22 12:43:35.693root 11241100x80000000000000004018456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749a648445f6130e2021-12-22 12:43:35.694root 11241100x80000000000000004018457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3113d8d52ffad82021-12-22 12:43:35.694root 11241100x80000000000000004018458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448e07b32ef2b8dd2021-12-22 12:43:35.694root 11241100x80000000000000004018459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c2995e5ba2f9c22021-12-22 12:43:35.694root 11241100x80000000000000004018460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3135a9c86c0ab7882021-12-22 12:43:35.694root 11241100x80000000000000004018461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcfbd607139ac022021-12-22 12:43:35.695root 11241100x80000000000000004018462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa47ffd2ff7e5a82021-12-22 12:43:35.695root 11241100x80000000000000004018463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717159813c43e36c2021-12-22 12:43:35.695root 11241100x80000000000000004018464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff82341663f5cbb2021-12-22 12:43:35.695root 11241100x80000000000000004018465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779e8cc842930e682021-12-22 12:43:35.695root 11241100x80000000000000004018466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60ccc372c51830e2021-12-22 12:43:35.695root 11241100x80000000000000004018467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9862351fbb0b542021-12-22 12:43:35.695root 11241100x80000000000000004018468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd41ee2c21971bc12021-12-22 12:43:35.696root 11241100x80000000000000004018469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709197238ec4ebc92021-12-22 12:43:35.696root 11241100x80000000000000004018470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff18a0d67f4e07622021-12-22 12:43:35.696root 11241100x80000000000000004018471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455e0780461b92f52021-12-22 12:43:35.696root 11241100x80000000000000004018472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809824a5dab456232021-12-22 12:43:35.696root 11241100x80000000000000004018473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3374bf40f621b8c52021-12-22 12:43:35.696root 11241100x80000000000000004018474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48378798f5f99b92021-12-22 12:43:35.696root 11241100x80000000000000004018475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dc3a91720bbdc52021-12-22 12:43:35.696root 11241100x80000000000000004018476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfe69650a8501642021-12-22 12:43:35.696root 11241100x80000000000000004018477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae3380b1130a4452021-12-22 12:43:35.697root 11241100x80000000000000004018478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ea7ea1379d31b92021-12-22 12:43:35.697root 11241100x80000000000000004018479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0638687b3ce2672021-12-22 12:43:35.697root 11241100x80000000000000004018480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c843136f8adb9d2021-12-22 12:43:35.697root 11241100x80000000000000004018481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2078498f5610bc2021-12-22 12:43:35.697root 11241100x80000000000000004018482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92e15c1f2f13d3f2021-12-22 12:43:35.697root 11241100x80000000000000004018483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244bfe7c1a3038c72021-12-22 12:43:35.697root 11241100x80000000000000004018484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94831dba959f57b32021-12-22 12:43:35.697root 11241100x80000000000000004018485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2bbbb8a1b454ce2021-12-22 12:43:35.697root 11241100x80000000000000004018486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20655652350866d2021-12-22 12:43:35.697root 11241100x80000000000000004018487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e0fa38d463b2f92021-12-22 12:43:35.698root 11241100x80000000000000004018488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c1e8b7120f07562021-12-22 12:43:35.698root 11241100x80000000000000004018489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6072880f352bac242021-12-22 12:43:35.698root 11241100x80000000000000004018490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810afe606cf3664b2021-12-22 12:43:35.698root 11241100x80000000000000004018491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe10b438da777ec22021-12-22 12:43:36.193root 11241100x80000000000000004018492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04583d529ee4db0d2021-12-22 12:43:36.193root 11241100x80000000000000004018493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ddfa48629edfe12021-12-22 12:43:36.193root 11241100x80000000000000004018494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67ad935d1cf07562021-12-22 12:43:36.193root 11241100x80000000000000004018495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b42486598e7318e2021-12-22 12:43:36.194root 11241100x80000000000000004018496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf9c7fde579b25e2021-12-22 12:43:36.194root 11241100x80000000000000004018497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd0958caf4632e22021-12-22 12:43:36.194root 11241100x80000000000000004018498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f485ac0f7ba99142021-12-22 12:43:36.194root 11241100x80000000000000004018499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376f457bac96c9b32021-12-22 12:43:36.194root 11241100x80000000000000004018500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b88ab0879f2255c2021-12-22 12:43:36.194root 11241100x80000000000000004018501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7113a2633415cec42021-12-22 12:43:36.194root 11241100x80000000000000004018502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4caacd8c4bd7752021-12-22 12:43:36.194root 11241100x80000000000000004018503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9101b5bd83a76dba2021-12-22 12:43:36.194root 11241100x80000000000000004018504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db0d032dd121a0c2021-12-22 12:43:36.194root 11241100x80000000000000004018505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4961219b829393c42021-12-22 12:43:36.195root 11241100x80000000000000004018506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2a7317522c09812021-12-22 12:43:36.195root 11241100x80000000000000004018507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe753c47c36a362b2021-12-22 12:43:36.195root 11241100x80000000000000004018508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6726217131da7d642021-12-22 12:43:36.195root 11241100x80000000000000004018509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8825c2c0d77c0de2021-12-22 12:43:36.195root 11241100x80000000000000004018510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13af86b3293a67e2021-12-22 12:43:36.195root 11241100x80000000000000004018511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b6b01667cda7212021-12-22 12:43:36.195root 11241100x80000000000000004018512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb22a76c8b041f62021-12-22 12:43:36.195root 11241100x80000000000000004018513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b8b08173a4b3332021-12-22 12:43:36.196root 11241100x80000000000000004018514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041adb7f7c2b00032021-12-22 12:43:36.196root 11241100x80000000000000004018515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160c60bbf2aa22db2021-12-22 12:43:36.196root 11241100x80000000000000004018516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2848c7cd4c42fe2021-12-22 12:43:36.196root 11241100x80000000000000004018517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c917b7cf591206c2021-12-22 12:43:36.196root 11241100x80000000000000004018518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf798232ebeca11e2021-12-22 12:43:36.196root 11241100x80000000000000004018519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b4756901a684b52021-12-22 12:43:36.196root 11241100x80000000000000004018520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6126d0581e1bfa902021-12-22 12:43:36.196root 11241100x80000000000000004018521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fdff6fda02e4d12021-12-22 12:43:36.196root 11241100x80000000000000004018522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa084250fef786f82021-12-22 12:43:36.196root 11241100x80000000000000004018523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18aae84272ef5f9e2021-12-22 12:43:36.196root 11241100x80000000000000004018524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884ad0285a734ac12021-12-22 12:43:36.197root 11241100x80000000000000004018525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2d52c7f8df2a1d2021-12-22 12:43:36.197root 11241100x80000000000000004018526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9153424e2e6c6cbd2021-12-22 12:43:36.197root 11241100x80000000000000004018527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e94a4314b6da2882021-12-22 12:43:36.692root 11241100x80000000000000004018528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d104a48f52d4b22021-12-22 12:43:36.693root 11241100x80000000000000004018529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0428a56153db61a02021-12-22 12:43:36.693root 11241100x80000000000000004018530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2886bf389a552b42021-12-22 12:43:36.693root 11241100x80000000000000004018531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817162559af067b92021-12-22 12:43:36.693root 11241100x80000000000000004018532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff94fe89fce2dba2021-12-22 12:43:36.693root 11241100x80000000000000004018533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a61a4ce1ff8c502021-12-22 12:43:36.693root 11241100x80000000000000004018534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6196020964e73a4e2021-12-22 12:43:36.693root 11241100x80000000000000004018535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a8308674d90bbf2021-12-22 12:43:36.694root 11241100x80000000000000004018536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e91314615c579262021-12-22 12:43:36.694root 11241100x80000000000000004018537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac55c23bf139cd1a2021-12-22 12:43:36.694root 11241100x80000000000000004018538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6435b185aba6d162021-12-22 12:43:36.694root 11241100x80000000000000004018539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb4979994b1378e2021-12-22 12:43:36.694root 11241100x80000000000000004018540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8398c94648b3693d2021-12-22 12:43:36.694root 11241100x80000000000000004018541