11241100x80000000000000004017495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481b93f67fcc94582021-12-22 12:43:25.193root 11241100x80000000000000004017496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d2298844468e052021-12-22 12:43:25.193root 11241100x80000000000000004017497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0944d628a384462021-12-22 12:43:25.193root 11241100x80000000000000004017498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebc6c8e7b1d8c342021-12-22 12:43:25.193root 11241100x80000000000000004017499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a80a144bbcebff2021-12-22 12:43:25.193root 11241100x80000000000000004017500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77522c6e86314e662021-12-22 12:43:25.193root 11241100x80000000000000004017501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a926118e9be63ac12021-12-22 12:43:25.193root 11241100x80000000000000004017502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88774283dfe911962021-12-22 12:43:25.194root 11241100x80000000000000004017503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00328ee07f17ff0e2021-12-22 12:43:25.194root 11241100x80000000000000004017504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b92d8946dc694232021-12-22 12:43:25.194root 11241100x80000000000000004017505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06af59c9bee8f332021-12-22 12:43:25.194root 11241100x80000000000000004017506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412817b98b72652f2021-12-22 12:43:25.194root 11241100x80000000000000004017507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d65259499e56ab2021-12-22 12:43:25.194root 11241100x80000000000000004017508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0837e0f15e4844c42021-12-22 12:43:25.194root 11241100x80000000000000004017509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcf35211a04e8ed2021-12-22 12:43:25.195root 11241100x80000000000000004017510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a07c2ea922ea4c2021-12-22 12:43:25.195root 11241100x80000000000000004017511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f5a9d47796b6ff2021-12-22 12:43:25.195root 11241100x80000000000000004017512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f35747044037cc22021-12-22 12:43:25.195root 11241100x80000000000000004017513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b702cec17b075f2021-12-22 12:43:25.195root 11241100x80000000000000004017514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28239454643eb002021-12-22 12:43:25.195root 11241100x80000000000000004017515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea90e9cadfcc7b6c2021-12-22 12:43:25.195root 11241100x80000000000000004017516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f6ebc1908d48282021-12-22 12:43:25.196root 11241100x80000000000000004017517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96bcd986347ac462021-12-22 12:43:25.196root 11241100x80000000000000004017518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ff5b6a9586777b2021-12-22 12:43:25.196root 11241100x80000000000000004017519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c19a5bdec5b7b82021-12-22 12:43:25.196root 11241100x80000000000000004017520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4175aea8fd67755c2021-12-22 12:43:25.196root 11241100x80000000000000004017521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e860479588f1cecc2021-12-22 12:43:25.196root 11241100x80000000000000004017522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af110edf34926e02021-12-22 12:43:25.196root 11241100x80000000000000004017523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2b4a427b9b8ff42021-12-22 12:43:25.196root 11241100x80000000000000004017524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d12f95a25c1a47a2021-12-22 12:43:25.196root 11241100x80000000000000004017525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed1e4bc8d4b9de32021-12-22 12:43:25.196root 11241100x80000000000000004017526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7911b0e591b7772021-12-22 12:43:25.196root 11241100x80000000000000004017527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6f08b98c6f1eba2021-12-22 12:43:25.197root 11241100x80000000000000004017528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6936a75616d069632021-12-22 12:43:25.197root 11241100x80000000000000004017529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91a55a12cb9e1612021-12-22 12:43:25.197root 11241100x80000000000000004017530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc196c70e57e1252021-12-22 12:43:25.197root 11241100x80000000000000004017531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60f3695f1bea59f2021-12-22 12:43:25.197root 11241100x80000000000000004017532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665f5dbccc4146992021-12-22 12:43:25.197root 11241100x80000000000000004017533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61319c2ab5f694de2021-12-22 12:43:25.197root 11241100x80000000000000004017534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2520a0828508d02021-12-22 12:43:25.693root 11241100x80000000000000004017535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b755b57c38b0fce52021-12-22 12:43:25.693root 11241100x80000000000000004017536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c69add6fd995cb2021-12-22 12:43:25.693root 11241100x80000000000000004017537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e76c9fcb72d9182021-12-22 12:43:25.693root 11241100x80000000000000004017538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2b34716c5f163a2021-12-22 12:43:25.693root 11241100x80000000000000004017539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356f12e8cfa318002021-12-22 12:43:25.694root 11241100x80000000000000004017540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c1aa42998c76872021-12-22 12:43:25.694root 11241100x80000000000000004017541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696d0097866724662021-12-22 12:43:25.694root 11241100x80000000000000004017542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3266f7ae806a0962021-12-22 12:43:25.694root 11241100x80000000000000004017543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b46a6a0ca8acc22021-12-22 12:43:25.694root 11241100x80000000000000004017544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d933307534ac992021-12-22 12:43:25.694root 11241100x80000000000000004017545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72770fb16e18a13f2021-12-22 12:43:25.694root 11241100x80000000000000004017546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c758b28db00af1502021-12-22 12:43:25.695root 11241100x80000000000000004017547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0772aba7f52307dc2021-12-22 12:43:25.695root 11241100x80000000000000004017548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d1ecb9c627c6822021-12-22 12:43:25.695root 11241100x80000000000000004017549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b06b6eeaee2e8b2021-12-22 12:43:25.695root 11241100x80000000000000004017550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135fcadc5345a0782021-12-22 12:43:25.695root 11241100x80000000000000004017551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a55b0bb27b491e2021-12-22 12:43:25.695root 11241100x80000000000000004017552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57970c887c474cd62021-12-22 12:43:25.695root 11241100x80000000000000004017553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4a1ce792d941782021-12-22 12:43:25.696root 11241100x80000000000000004017554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa524b7a9fa6a7692021-12-22 12:43:25.696root 11241100x80000000000000004017555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc573fe5e5996bd52021-12-22 12:43:25.696root 11241100x80000000000000004017556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb01b1dd40d8f022021-12-22 12:43:25.696root 11241100x80000000000000004017557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbfcdd8853ee7db2021-12-22 12:43:25.696root 11241100x80000000000000004017558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9322e40b0481eace2021-12-22 12:43:25.697root 11241100x80000000000000004017559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e6d1eb12a9725b2021-12-22 12:43:25.697root 11241100x80000000000000004017560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1f6f5059f0926f2021-12-22 12:43:25.697root 11241100x80000000000000004017561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9483f4835af1336f2021-12-22 12:43:25.697root 11241100x80000000000000004017562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec57eaf57add3bb2021-12-22 12:43:25.698root 11241100x80000000000000004017563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eae0619818acce72021-12-22 12:43:25.698root 11241100x80000000000000004017564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:25.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa50861c23ce4f252021-12-22 12:43:25.698root 11241100x80000000000000004017565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f01d080216b624e2021-12-22 12:43:26.193root 11241100x80000000000000004017566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b3b3bf419501fa2021-12-22 12:43:26.194root 11241100x80000000000000004017567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7279714a169b3492021-12-22 12:43:26.195root 11241100x80000000000000004017568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c864087a0efe8ce32021-12-22 12:43:26.195root 11241100x80000000000000004017569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99f1b5121bdd9c42021-12-22 12:43:26.195root 11241100x80000000000000004017570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612f06cc458a8bec2021-12-22 12:43:26.196root 11241100x80000000000000004017571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cd742a441ffcd82021-12-22 12:43:26.196root 11241100x80000000000000004017572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2566175d5ee4c82021-12-22 12:43:26.196root 11241100x80000000000000004017573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670ed7fe2b1ce3322021-12-22 12:43:26.196root 11241100x80000000000000004017574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd81241958585ed22021-12-22 12:43:26.196root 11241100x80000000000000004017575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b73eb96547434d32021-12-22 12:43:26.196root 11241100x80000000000000004017576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27acbd58d31aee092021-12-22 12:43:26.196root 11241100x80000000000000004017577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541638c1de8764292021-12-22 12:43:26.196root 11241100x80000000000000004017578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b085f5e97541b4fa2021-12-22 12:43:26.196root 11241100x80000000000000004017579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0b7134573b08052021-12-22 12:43:26.196root 11241100x80000000000000004017580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d656cf6e16a8be12021-12-22 12:43:26.196root 11241100x80000000000000004017581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e05a99cae5cdab22021-12-22 12:43:26.196root 11241100x80000000000000004017582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7faf74cd4ab59e2021-12-22 12:43:26.196root 11241100x80000000000000004017583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133d1b4c856ab1492021-12-22 12:43:26.196root 11241100x80000000000000004017584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2810290c9f0d3582021-12-22 12:43:26.196root 11241100x80000000000000004017585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a72f65116661f932021-12-22 12:43:26.196root 11241100x80000000000000004017586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20920b348e391d722021-12-22 12:43:26.197root 11241100x80000000000000004017587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc19e5fd43d8d852021-12-22 12:43:26.197root 11241100x80000000000000004017588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05394467b620731a2021-12-22 12:43:26.197root 11241100x80000000000000004017589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229794968d0b73b62021-12-22 12:43:26.197root 11241100x80000000000000004017590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de7a629f89bcd0b2021-12-22 12:43:26.197root 11241100x80000000000000004017591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b63d4bfd4b7cc742021-12-22 12:43:26.197root 11241100x80000000000000004017592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9bed751840b56b2021-12-22 12:43:26.197root 11241100x80000000000000004017593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a686eaea85abc3d2021-12-22 12:43:26.197root 11241100x80000000000000004017594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be22841c247bdfa2021-12-22 12:43:26.197root 11241100x80000000000000004017595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4296d6b6bddde5f42021-12-22 12:43:26.693root 11241100x80000000000000004017596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6754de5abbde6edd2021-12-22 12:43:26.693root 11241100x80000000000000004017597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e9641e8d9491b12021-12-22 12:43:26.694root 11241100x80000000000000004017598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294bec32c60d04e12021-12-22 12:43:26.694root 11241100x80000000000000004017599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8861b6e653bba9f72021-12-22 12:43:26.695root 11241100x80000000000000004017600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28ff13a96f29a212021-12-22 12:43:26.695root 11241100x80000000000000004017601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b535b9915be18c02021-12-22 12:43:26.695root 11241100x80000000000000004017602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa399d1ecbe6c592021-12-22 12:43:26.695root 11241100x80000000000000004017603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff28df7a44fc7f42021-12-22 12:43:26.695root 11241100x80000000000000004017604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08eb8eed5397db232021-12-22 12:43:26.695root 11241100x80000000000000004017605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a72f67dee8c9b962021-12-22 12:43:26.698root 11241100x80000000000000004017606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f1723efc4c8c9e2021-12-22 12:43:26.698root 11241100x80000000000000004017607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ecba301380b8c32021-12-22 12:43:26.698root 11241100x80000000000000004017608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970986853af8eff02021-12-22 12:43:26.699root 11241100x80000000000000004017609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345b3532091eed9f2021-12-22 12:43:26.699root 11241100x80000000000000004017610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb31b61987e2d6e32021-12-22 12:43:26.699root 11241100x80000000000000004017611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9c305f8d37f2de2021-12-22 12:43:26.699root 11241100x80000000000000004017612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e64fd3bf08afe42021-12-22 12:43:26.699root 11241100x80000000000000004017613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6de33006553c4392021-12-22 12:43:26.699root 11241100x80000000000000004017614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fc16b5c916412a2021-12-22 12:43:26.699root 11241100x80000000000000004017615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00e70ccb72f0aad2021-12-22 12:43:26.699root 11241100x80000000000000004017616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe8476c4a554d462021-12-22 12:43:26.700root 11241100x80000000000000004017617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdf86612bf6ad3c2021-12-22 12:43:26.700root 11241100x80000000000000004017618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b703afd168fbba2021-12-22 12:43:26.700root 11241100x80000000000000004017619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfa3dd495bb590f2021-12-22 12:43:26.700root 11241100x80000000000000004017620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6639904657d3373c2021-12-22 12:43:26.700root 11241100x80000000000000004017621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5517075d4458dff62021-12-22 12:43:26.700root 11241100x80000000000000004017622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d88358eb6ca8522021-12-22 12:43:26.700root 11241100x80000000000000004017623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7c9a869bfe89a72021-12-22 12:43:26.700root 11241100x80000000000000004017624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169d6fed8d5b1fe42021-12-22 12:43:26.700root 11241100x80000000000000004017625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea87bdbb0e162eb22021-12-22 12:43:26.700root 354300x80000000000000004017626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.093{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56814-false10.0.1.12-8000- 11241100x80000000000000004017627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f682fd42a1c420e2021-12-22 12:43:27.094root 11241100x80000000000000004017628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420ba068d98a636d2021-12-22 12:43:27.094root 11241100x80000000000000004017629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac67a58b3f0e85e2021-12-22 12:43:27.094root 11241100x80000000000000004017630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684c18614dc68beb2021-12-22 12:43:27.094root 11241100x80000000000000004017631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb4b5b3bc32444a2021-12-22 12:43:27.094root 11241100x80000000000000004017632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abb490a57a328292021-12-22 12:43:27.095root 11241100x80000000000000004017633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d4eaf12b85afdb2021-12-22 12:43:27.095root 11241100x80000000000000004017634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc41041186e4ce62021-12-22 12:43:27.095root 11241100x80000000000000004017635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2968e6945e0feb102021-12-22 12:43:27.095root 11241100x80000000000000004017636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4073a5d86827ef2021-12-22 12:43:27.095root 11241100x80000000000000004017637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09342fc2e4c923f2021-12-22 12:43:27.095root 11241100x80000000000000004017638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aff0c7c9f3ba1ce2021-12-22 12:43:27.095root 11241100x80000000000000004017639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335dd8ae81f139f32021-12-22 12:43:27.095root 11241100x80000000000000004017640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddaeead7e263bc22021-12-22 12:43:27.095root 11241100x80000000000000004017641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f82386c94453bc42021-12-22 12:43:27.095root 11241100x80000000000000004017642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec301fb322872c42021-12-22 12:43:27.096root 11241100x80000000000000004017643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2270203cb82624842021-12-22 12:43:27.096root 11241100x80000000000000004017644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c965f1f7b3a59b062021-12-22 12:43:27.096root 11241100x80000000000000004017645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9272188cf83df72021-12-22 12:43:27.096root 11241100x80000000000000004017646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2c2042236fe7222021-12-22 12:43:27.096root 11241100x80000000000000004017647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d659c3a2771ffd9c2021-12-22 12:43:27.096root 11241100x80000000000000004017648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d13155776389752021-12-22 12:43:27.096root 11241100x80000000000000004017649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fb69ea7d8991c92021-12-22 12:43:27.096root 11241100x80000000000000004017650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128551feba3639d12021-12-22 12:43:27.096root 11241100x80000000000000004017651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710a8155f0413d452021-12-22 12:43:27.096root 11241100x80000000000000004017652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f569dcd6f2d83082021-12-22 12:43:27.096root 11241100x80000000000000004017653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afdc86d54bd8ca72021-12-22 12:43:27.096root 11241100x80000000000000004017654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67acd71e54aad4d2021-12-22 12:43:27.096root 11241100x80000000000000004017655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90139194764afc92021-12-22 12:43:27.097root 11241100x80000000000000004017656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50ef81cc0b820ee2021-12-22 12:43:27.097root 11241100x80000000000000004017657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c3074c2b9c7c642021-12-22 12:43:27.097root 11241100x80000000000000004017658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af673a5182ca6b782021-12-22 12:43:27.097root 11241100x80000000000000004017659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13802456fb3a03ad2021-12-22 12:43:27.097root 11241100x80000000000000004017660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784b61ab903e73782021-12-22 12:43:27.097root 11241100x80000000000000004017661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c49faf56b85da62021-12-22 12:43:27.097root 11241100x80000000000000004017662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf7b0aba57e4aa62021-12-22 12:43:27.097root 11241100x80000000000000004017663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7c9be8e4bdc0042021-12-22 12:43:27.097root 11241100x80000000000000004017664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7158fdf4b01a52932021-12-22 12:43:27.097root 11241100x80000000000000004017665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868f187e1f2a94022021-12-22 12:43:27.097root 11241100x80000000000000004017666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbfe7617bbd6a182021-12-22 12:43:27.098root 11241100x80000000000000004017667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0d70355ff6ab792021-12-22 12:43:27.098root 11241100x80000000000000004017668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d06a9b107a238522021-12-22 12:43:27.098root 11241100x80000000000000004017669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafa5aa6c2e113142021-12-22 12:43:27.098root 11241100x80000000000000004017670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67f6dfde10b38252021-12-22 12:43:27.098root 11241100x80000000000000004017671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee7593061eb14a62021-12-22 12:43:27.098root 11241100x80000000000000004017672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bf9f978f9e64162021-12-22 12:43:27.098root 11241100x80000000000000004017673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d06819818873bc2021-12-22 12:43:27.098root 11241100x80000000000000004017674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a539cb2e247a10c2021-12-22 12:43:27.098root 11241100x80000000000000004017675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc15484cbbd209e82021-12-22 12:43:27.098root 11241100x80000000000000004017676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4fa8ad24154d6a2021-12-22 12:43:27.098root 11241100x80000000000000004017677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1071092ffd76710c2021-12-22 12:43:27.098root 11241100x80000000000000004017678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c693347cf3fc1f2021-12-22 12:43:27.098root 11241100x80000000000000004017679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2adad9939f61bd2021-12-22 12:43:27.098root 11241100x80000000000000004017680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcba786d377cd23c2021-12-22 12:43:27.098root 11241100x80000000000000004017681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487b97386afe28992021-12-22 12:43:27.099root 11241100x80000000000000004017682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34752cbbd237fa1c2021-12-22 12:43:27.099root 11241100x80000000000000004017683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1641214028e0e4652021-12-22 12:43:27.099root 11241100x80000000000000004017684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c979181d0d01132021-12-22 12:43:27.099root 11241100x80000000000000004017685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe5e2c71407c69e2021-12-22 12:43:27.099root 11241100x80000000000000004017686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02d1d533fb68a532021-12-22 12:43:27.099root 11241100x80000000000000004017687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d68162354ad24f2021-12-22 12:43:27.099root 11241100x80000000000000004017688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a057a4e8d6f29f8f2021-12-22 12:43:27.099root 11241100x80000000000000004017689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcde42201dc6cde2021-12-22 12:43:27.099root 11241100x80000000000000004017690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734425babee883762021-12-22 12:43:27.099root 11241100x80000000000000004017691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3ee580ead64c412021-12-22 12:43:27.099root 11241100x80000000000000004017692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee362bc178031652021-12-22 12:43:27.100root 11241100x80000000000000004017693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d55c69a7b4a6f242021-12-22 12:43:27.100root 11241100x80000000000000004017694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98eb8a20aac9bf302021-12-22 12:43:27.100root 11241100x80000000000000004017695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912ca4b2c5f858752021-12-22 12:43:27.100root 11241100x80000000000000004017696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21dd3c0b8b7763a2021-12-22 12:43:27.100root 11241100x80000000000000004017697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ff09346856aeab2021-12-22 12:43:27.100root 11241100x80000000000000004017698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0ea3c6431f78762021-12-22 12:43:27.100root 11241100x80000000000000004017699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2edbd88d83ea442021-12-22 12:43:27.101root 11241100x80000000000000004017700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1441b75da9dc0742021-12-22 12:43:27.101root 11241100x80000000000000004017701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43818187d7ba3dd2021-12-22 12:43:27.101root 11241100x80000000000000004017702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73f15eade3cb2d72021-12-22 12:43:27.101root 11241100x80000000000000004017703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4a00239ae6f92c2021-12-22 12:43:27.102root 11241100x80000000000000004017704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84a9fd1d972ad742021-12-22 12:43:27.102root 11241100x80000000000000004017705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f009d21f7b7e1fe32021-12-22 12:43:27.102root 11241100x80000000000000004017706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4d311fba85cad02021-12-22 12:43:27.103root 11241100x80000000000000004017707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d566f63965aad2182021-12-22 12:43:27.103root 11241100x80000000000000004017708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bab08169cd3d3b82021-12-22 12:43:27.103root 11241100x80000000000000004017709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0666c3d4b9f260622021-12-22 12:43:27.103root 11241100x80000000000000004017710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ebe3c9dc5c549a2021-12-22 12:43:27.104root 11241100x80000000000000004017711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7213f601237c55a42021-12-22 12:43:27.104root 11241100x80000000000000004017712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88675500da1a1012021-12-22 12:43:27.104root 11241100x80000000000000004017713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1c01b74d00acae2021-12-22 12:43:27.104root 11241100x80000000000000004017714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ba4df106f7d6ae2021-12-22 12:43:27.105root 11241100x80000000000000004017715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab6695465658ac42021-12-22 12:43:27.105root 11241100x80000000000000004017716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdfcb63d3c8f79c2021-12-22 12:43:27.105root 11241100x80000000000000004017717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdafd7b2a9f07c02021-12-22 12:43:27.105root 11241100x80000000000000004017718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf2a96fd1f7c3d12021-12-22 12:43:27.105root 11241100x80000000000000004017719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.106{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf9049581d6d2942021-12-22 12:43:27.106root 11241100x80000000000000004017720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.107{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7471534c01dc4d42021-12-22 12:43:27.107root 11241100x80000000000000004017721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.107{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5481aa7ce14caac52021-12-22 12:43:27.107root 11241100x80000000000000004017722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.107{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1778958db05933532021-12-22 12:43:27.107root 11241100x80000000000000004017723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.107{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fcfb7520edcda52021-12-22 12:43:27.107root 11241100x80000000000000004017724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb447294555d3c42021-12-22 12:43:27.108root 11241100x80000000000000004017725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0830cedb4741972021-12-22 12:43:27.110root 11241100x80000000000000004017726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4ebf182a8499672021-12-22 12:43:27.110root 11241100x80000000000000004017727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a345d2f35c9e7f2021-12-22 12:43:27.111root 11241100x80000000000000004017728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14512e3c0e9853112021-12-22 12:43:27.111root 11241100x80000000000000004017729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332c888b2cbea7c62021-12-22 12:43:27.111root 11241100x80000000000000004017730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2b47b60ac36b4d2021-12-22 12:43:27.111root 11241100x80000000000000004017731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62beb7cad1521b92021-12-22 12:43:27.111root 11241100x80000000000000004017732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d35277d5126db322021-12-22 12:43:27.111root 11241100x80000000000000004017733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452890b774db23562021-12-22 12:43:27.112root 11241100x80000000000000004017734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e187ae0bc433dee22021-12-22 12:43:27.112root 154100x80000000000000004017735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.402{ec2b6afe-1d6f-61c3-6844-594210560000}22708/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x80000000000000004017736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc83605bd2bdca812021-12-22 12:43:27.405root 11241100x80000000000000004017737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5de839a8f61f21b2021-12-22 12:43:27.405root 11241100x80000000000000004017738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5aa85190e49c9fc2021-12-22 12:43:27.405root 11241100x80000000000000004017739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c438a1c9cd99a52021-12-22 12:43:27.405root 11241100x80000000000000004017740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db473259925243a2021-12-22 12:43:27.405root 11241100x80000000000000004017741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38d5ff4a0504de72021-12-22 12:43:27.405root 11241100x80000000000000004017742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa3a0cfe738912d2021-12-22 12:43:27.405root 11241100x80000000000000004017743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd557c52b770be92021-12-22 12:43:27.405root 11241100x80000000000000004017744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2da04478db0eaf2021-12-22 12:43:27.405root 11241100x80000000000000004017745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f41d763463ae442021-12-22 12:43:27.405root 11241100x80000000000000004017746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9750275a17f03d2021-12-22 12:43:27.405root 11241100x80000000000000004017747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dcf2400cb6fd432021-12-22 12:43:27.405root 11241100x80000000000000004017748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.405{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4d0f8224b517312021-12-22 12:43:27.405root 11241100x80000000000000004017749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c298218057410bbe2021-12-22 12:43:27.406root 11241100x80000000000000004017750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1151b1b5fecd28162021-12-22 12:43:27.406root 11241100x80000000000000004017751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3cc18cd0b556602021-12-22 12:43:27.406root 11241100x80000000000000004017752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360eedd051d9caed2021-12-22 12:43:27.406root 11241100x80000000000000004017753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41830793e8bda6ec2021-12-22 12:43:27.406root 11241100x80000000000000004017754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e523f86d822e6e812021-12-22 12:43:27.406root 11241100x80000000000000004017755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ad4fcc0668a0c62021-12-22 12:43:27.406root 11241100x80000000000000004017756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c144ee4878a01d702021-12-22 12:43:27.406root 11241100x80000000000000004017757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d9ebb5f76089992021-12-22 12:43:27.406root 11241100x80000000000000004017758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d964b5703a1e9bbd2021-12-22 12:43:27.406root 11241100x80000000000000004017759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8eb808683523642021-12-22 12:43:27.406root 11241100x80000000000000004017760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb04f760b7438c512021-12-22 12:43:27.406root 11241100x80000000000000004017761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f974b12f003f46ed2021-12-22 12:43:27.406root 11241100x80000000000000004017762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79bd2b6ff6f900b2021-12-22 12:43:27.406root 11241100x80000000000000004017763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.406{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411137714bc29dfb2021-12-22 12:43:27.406root 11241100x80000000000000004017764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.407{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3177ef8e13df1c3f2021-12-22 12:43:27.407root 11241100x80000000000000004017765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.407{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7dfad1b4ab32892021-12-22 12:43:27.407root 11241100x80000000000000004017766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.407{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6675f12892d6a802021-12-22 12:43:27.407root 11241100x80000000000000004017767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.407{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193f3d9e57930edb2021-12-22 12:43:27.407root 534500x80000000000000004017768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.422{ec2b6afe-1d6f-61c3-6844-594210560000}22708/bin/psroot 11241100x80000000000000004017769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbda54d93f86f4152021-12-22 12:43:27.693root 11241100x80000000000000004017770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6aadb8bf4ac8e902021-12-22 12:43:27.694root 11241100x80000000000000004017771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac7015c9173d9b12021-12-22 12:43:27.694root 11241100x80000000000000004017772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26733d688d2b8f7e2021-12-22 12:43:27.694root 11241100x80000000000000004017773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b91eacaff3e50472021-12-22 12:43:27.694root 11241100x80000000000000004017774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3290da850441ba2021-12-22 12:43:27.694root 11241100x80000000000000004017775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c51fd2b5ea12c8c2021-12-22 12:43:27.694root 11241100x80000000000000004017776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e39f1112a5944e2021-12-22 12:43:27.694root 11241100x80000000000000004017777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ef84e0d997ec8d2021-12-22 12:43:27.694root 11241100x80000000000000004017778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4aa1d95e173ba52021-12-22 12:43:27.695root 11241100x80000000000000004017779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f014ba92bddaca2021-12-22 12:43:27.695root 11241100x80000000000000004017780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209b5d982d5fdcd72021-12-22 12:43:27.695root 11241100x80000000000000004017781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe630150c8b28702021-12-22 12:43:27.695root 11241100x80000000000000004017782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e3e13c3d2264902021-12-22 12:43:27.695root 11241100x80000000000000004017783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f1c6234b80132a2021-12-22 12:43:27.695root 11241100x80000000000000004017784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91784efbebfb9c112021-12-22 12:43:27.695root 11241100x80000000000000004017785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a862eb0a7b6bc4da2021-12-22 12:43:27.695root 11241100x80000000000000004017786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cb26e90f7a06ff2021-12-22 12:43:27.695root 11241100x80000000000000004017787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ee306289f0fb212021-12-22 12:43:27.696root 11241100x80000000000000004017788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c7a59780c007032021-12-22 12:43:27.696root 11241100x80000000000000004017789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351947754678a7b92021-12-22 12:43:27.696root 11241100x80000000000000004017790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7ebe30624002612021-12-22 12:43:27.696root 11241100x80000000000000004017791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7f3005cd65c7bd2021-12-22 12:43:27.696root 11241100x80000000000000004017792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658c035e7fe72c722021-12-22 12:43:27.696root 11241100x80000000000000004017793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d18b87bfa790ef2021-12-22 12:43:27.696root 11241100x80000000000000004017794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde373bdb587a94a2021-12-22 12:43:27.696root 11241100x80000000000000004017795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d328e9ba5cfef6542021-12-22 12:43:27.696root 11241100x80000000000000004017796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6426af71a958d432021-12-22 12:43:27.697root 11241100x80000000000000004017797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcedd88c117738d2021-12-22 12:43:27.697root 11241100x80000000000000004017798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7937cec34891fe2f2021-12-22 12:43:27.697root 11241100x80000000000000004017799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf315f59242a84d2021-12-22 12:43:27.697root 11241100x80000000000000004017800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e224df54939abc2021-12-22 12:43:27.697root 11241100x80000000000000004017801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e431e5b95a2769e62021-12-22 12:43:27.697root 11241100x80000000000000004017802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a418ac8dffaf2c2021-12-22 12:43:28.193root 11241100x80000000000000004017803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca77b04164b24ac2021-12-22 12:43:28.193root 11241100x80000000000000004017804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5ea5eea6d92cba2021-12-22 12:43:28.194root 11241100x80000000000000004017805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389692cb20b75a002021-12-22 12:43:28.194root 11241100x80000000000000004017806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73bbc69f6d95ba82021-12-22 12:43:28.194root 11241100x80000000000000004017807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebeb4c788be0e9462021-12-22 12:43:28.194root 11241100x80000000000000004017808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44a8080c0d4e5b42021-12-22 12:43:28.194root 11241100x80000000000000004017809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a798f5f25533eec82021-12-22 12:43:28.194root 11241100x80000000000000004017810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c48be4b34999102021-12-22 12:43:28.194root 11241100x80000000000000004017811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ababe7704684ab2021-12-22 12:43:28.194root 11241100x80000000000000004017812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e452ef484a6c8562021-12-22 12:43:28.194root 11241100x80000000000000004017813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b36464fd50b3b502021-12-22 12:43:28.194root 11241100x80000000000000004017814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36953256d1304af2021-12-22 12:43:28.195root 11241100x80000000000000004017815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f8844dc9bfe8ee2021-12-22 12:43:28.195root 11241100x80000000000000004017816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28c5ec56898f3d82021-12-22 12:43:28.195root 11241100x80000000000000004017817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fc71bad1849f5e2021-12-22 12:43:28.195root 11241100x80000000000000004017818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238aea156c217ee12021-12-22 12:43:28.195root 11241100x80000000000000004017819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8121ee26b964db72021-12-22 12:43:28.195root 11241100x80000000000000004017820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f504f57e9d55be02021-12-22 12:43:28.195root 11241100x80000000000000004017821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a549afbfe4a414052021-12-22 12:43:28.195root 11241100x80000000000000004017822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10a4fabc73804812021-12-22 12:43:28.195root 11241100x80000000000000004017823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e51f13deca9a76d2021-12-22 12:43:28.195root 11241100x80000000000000004017824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5099aff8ea50912021-12-22 12:43:28.196root 11241100x80000000000000004017825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9225900f6b13e82021-12-22 12:43:28.196root 11241100x80000000000000004017826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68ad5522bac076a2021-12-22 12:43:28.196root 11241100x80000000000000004017827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304af2de590175762021-12-22 12:43:28.196root 11241100x80000000000000004017828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62c42447b7e71682021-12-22 12:43:28.196root 11241100x80000000000000004017829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9490c8b2e4f0062021-12-22 12:43:28.196root 11241100x80000000000000004017830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa76182002f84922021-12-22 12:43:28.196root 11241100x80000000000000004017831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2696c5da367239d2021-12-22 12:43:28.196root 11241100x80000000000000004017832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3b15c36f935f6f2021-12-22 12:43:28.197root 11241100x80000000000000004017833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dab13978821f9302021-12-22 12:43:28.197root 11241100x80000000000000004017834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0a2c8f8a4f5e832021-12-22 12:43:28.197root 11241100x80000000000000004017835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac33f719fb3b1e32021-12-22 12:43:28.693root 11241100x80000000000000004017836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a40954a0b0f4d02021-12-22 12:43:28.693root 11241100x80000000000000004017837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76298145c27b04f12021-12-22 12:43:28.693root 11241100x80000000000000004017838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a34c99179cd1a472021-12-22 12:43:28.693root 11241100x80000000000000004017839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62bded7fba5655f2021-12-22 12:43:28.693root 11241100x80000000000000004017840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3893f5cb379b504f2021-12-22 12:43:28.693root 11241100x80000000000000004017841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3368d0a6938076fa2021-12-22 12:43:28.693root 11241100x80000000000000004017842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43f6749860dd1562021-12-22 12:43:28.694root 11241100x80000000000000004017843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1063ddaa2b5c88d12021-12-22 12:43:28.694root 11241100x80000000000000004017844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed051e18b518ccb22021-12-22 12:43:28.694root 11241100x80000000000000004017845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69616c34fcae14c2021-12-22 12:43:28.694root 11241100x80000000000000004017846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a936984c09a68b82021-12-22 12:43:28.694root 11241100x80000000000000004017847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ffb45bf477374a2021-12-22 12:43:28.694root 11241100x80000000000000004017848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8e51aecce1a4cf2021-12-22 12:43:28.694root 11241100x80000000000000004017849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cd8b606e8457602021-12-22 12:43:28.695root 11241100x80000000000000004017850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec387a60476cd302021-12-22 12:43:28.695root 11241100x80000000000000004017851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7aacc71d217d2272021-12-22 12:43:28.695root 11241100x80000000000000004017852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d02fef060e1391e2021-12-22 12:43:28.695root 11241100x80000000000000004017853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9fcb9ae0b237c42021-12-22 12:43:28.695root 11241100x80000000000000004017854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c80f7e2ea849422021-12-22 12:43:28.695root 11241100x80000000000000004017855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9c8ca5435632322021-12-22 12:43:28.695root 11241100x80000000000000004017856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d422625f42ceb82d2021-12-22 12:43:28.695root 11241100x80000000000000004017857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e93b714d165b682021-12-22 12:43:28.695root 11241100x80000000000000004017858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f219d6ee8914ff2021-12-22 12:43:28.696root 11241100x80000000000000004017859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98af1063712d05d32021-12-22 12:43:28.696root 11241100x80000000000000004017860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dc04bd313ac96e2021-12-22 12:43:28.696root 11241100x80000000000000004017861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b85ec67da0078d2021-12-22 12:43:28.696root 11241100x80000000000000004017862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6cc4d674580f032021-12-22 12:43:28.696root 11241100x80000000000000004017863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbca73fb3ad915f72021-12-22 12:43:28.697root 11241100x80000000000000004017864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efc04c13e92e9d62021-12-22 12:43:28.697root 11241100x80000000000000004017865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b1bdce520a381c2021-12-22 12:43:28.697root 11241100x80000000000000004017866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93730ba48bc50d92021-12-22 12:43:28.697root 11241100x80000000000000004017867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cb2d90b7f0f6902021-12-22 12:43:28.698root 11241100x80000000000000004017868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433a53de8a6b3ee82021-12-22 12:43:28.698root 11241100x80000000000000004017869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b10a05a502b28c2021-12-22 12:43:28.698root 11241100x80000000000000004017870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ce57e95c6dd7592021-12-22 12:43:28.699root 11241100x80000000000000004017871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7679d409d39df8412021-12-22 12:43:28.699root 11241100x80000000000000004017872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:28.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef11decc65d44b42021-12-22 12:43:28.699root 11241100x80000000000000004017873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905e613b7595be662021-12-22 12:43:29.193root 11241100x80000000000000004017874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4666603dedea44072021-12-22 12:43:29.193root 11241100x80000000000000004017875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ff927a6db81a8c2021-12-22 12:43:29.194root 11241100x80000000000000004017876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e37afdf6c33fa862021-12-22 12:43:29.194root 11241100x80000000000000004017877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97943215ba55f4232021-12-22 12:43:29.194root 11241100x80000000000000004017878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e489c9ee62e456452021-12-22 12:43:29.194root 11241100x80000000000000004017879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3c2b26f5dde00d2021-12-22 12:43:29.195root 11241100x80000000000000004017880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43dae0b2fcd57fd62021-12-22 12:43:29.195root 11241100x80000000000000004017881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65e5948754d6ddf2021-12-22 12:43:29.195root 11241100x80000000000000004017882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6529f6e2a41e45ae2021-12-22 12:43:29.195root 11241100x80000000000000004017883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad20ca76239ec3492021-12-22 12:43:29.196root 11241100x80000000000000004017884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa33a00afb13f1b42021-12-22 12:43:29.196root 11241100x80000000000000004017885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a757f6034ce2e9aa2021-12-22 12:43:29.196root 11241100x80000000000000004017886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fbc900ce80fe332021-12-22 12:43:29.197root 11241100x80000000000000004017887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94045e8846060c0d2021-12-22 12:43:29.197root 11241100x80000000000000004017888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a0007f5de899ed2021-12-22 12:43:29.197root 11241100x80000000000000004017889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c5029c21461bfe2021-12-22 12:43:29.197root 11241100x80000000000000004017890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d46aecbddedb4e2021-12-22 12:43:29.198root 11241100x80000000000000004017891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22909d79a91d15f62021-12-22 12:43:29.198root 11241100x80000000000000004017892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7f9080d59432372021-12-22 12:43:29.198root 11241100x80000000000000004017893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2b3ede01fe57302021-12-22 12:43:29.198root 11241100x80000000000000004017894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40acf5daa04a540f2021-12-22 12:43:29.198root 11241100x80000000000000004017895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfed2cbf019ffa992021-12-22 12:43:29.199root 11241100x80000000000000004017896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62807c50fbba05f2021-12-22 12:43:29.199root 11241100x80000000000000004017897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af0fa22c78b1f3e2021-12-22 12:43:29.199root 11241100x80000000000000004017898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc95862c1aea250c2021-12-22 12:43:29.199root 11241100x80000000000000004017899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3789d24f586debb12021-12-22 12:43:29.199root 11241100x80000000000000004017900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6602bf08e64d34b92021-12-22 12:43:29.199root 11241100x80000000000000004017901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ac25b2342695402021-12-22 12:43:29.200root 11241100x80000000000000004017902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e246d4bc370b7b72021-12-22 12:43:29.200root 11241100x80000000000000004017903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e99895dde166d72021-12-22 12:43:29.200root 11241100x80000000000000004017904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3576a5820e4137282021-12-22 12:43:29.200root 11241100x80000000000000004017905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6dc3dcf6047d782021-12-22 12:43:29.200root 11241100x80000000000000004017906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa21c069d2c54daf2021-12-22 12:43:29.200root 11241100x80000000000000004017907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cceccdd69116ed4d2021-12-22 12:43:29.200root 11241100x80000000000000004017908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb6116f501c26a82021-12-22 12:43:29.692root 11241100x80000000000000004017909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e99aef29e028cb2021-12-22 12:43:29.693root 11241100x80000000000000004017910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db5b525321d74762021-12-22 12:43:29.693root 11241100x80000000000000004017911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5056d8d0cd203f4c2021-12-22 12:43:29.693root 11241100x80000000000000004017912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d841b7c252fdaa2021-12-22 12:43:29.693root 11241100x80000000000000004017913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbf4737679610dd2021-12-22 12:43:29.693root 11241100x80000000000000004017914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ac02e7ac73913a2021-12-22 12:43:29.693root 11241100x80000000000000004017915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2446e2fb4251192021-12-22 12:43:29.694root 11241100x80000000000000004017916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74b718c4922273a2021-12-22 12:43:29.694root 11241100x80000000000000004017917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36db114d8488593c2021-12-22 12:43:29.694root 11241100x80000000000000004017918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364dba62ac130a3a2021-12-22 12:43:29.694root 11241100x80000000000000004017919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01148e339c9aacc02021-12-22 12:43:29.694root 11241100x80000000000000004017920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12d87069858e8d22021-12-22 12:43:29.695root 11241100x80000000000000004017921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd29ff3c2f562c6f2021-12-22 12:43:29.695root 11241100x80000000000000004017922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a311119357576a2021-12-22 12:43:29.695root 11241100x80000000000000004017923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919acf97f54108b32021-12-22 12:43:29.695root 11241100x80000000000000004017924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80408ae0692d60ae2021-12-22 12:43:29.695root 11241100x80000000000000004017925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0765d1fa2a8db3082021-12-22 12:43:29.695root 11241100x80000000000000004017926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6c1283e7c6028e2021-12-22 12:43:29.696root 11241100x80000000000000004017927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09777de26c8ac1c32021-12-22 12:43:29.696root 11241100x80000000000000004017928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce267ccbdfb1fc22021-12-22 12:43:29.696root 11241100x80000000000000004017929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252e4cfdb5e9c3c22021-12-22 12:43:29.696root 11241100x80000000000000004017930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c2061592485b602021-12-22 12:43:29.696root 11241100x80000000000000004017931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61344524566053f42021-12-22 12:43:29.697root 11241100x80000000000000004017932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9f209cabd8475b2021-12-22 12:43:29.697root 11241100x80000000000000004017933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef512517fc0b3efe2021-12-22 12:43:29.697root 11241100x80000000000000004017934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d3c30130af910b2021-12-22 12:43:29.697root 11241100x80000000000000004017935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d478a9f7542710f02021-12-22 12:43:29.698root 11241100x80000000000000004017936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0234fe92b487c65d2021-12-22 12:43:29.698root 11241100x80000000000000004017937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1da9a1a7491553f2021-12-22 12:43:29.698root 11241100x80000000000000004017938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6d99a5edaf29ea2021-12-22 12:43:29.698root 11241100x80000000000000004017939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94005b8ebb5302772021-12-22 12:43:29.698root 11241100x80000000000000004017940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfd615f13af28ca2021-12-22 12:43:29.699root 11241100x80000000000000004017941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aebc603625492942021-12-22 12:43:29.699root 11241100x80000000000000004017942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f601837d89b86e2021-12-22 12:43:29.700root 11241100x80000000000000004017943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3592df193c8b782021-12-22 12:43:29.700root 11241100x80000000000000004017944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:29.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc74c1cbb6eb8442021-12-22 12:43:29.700root 11241100x80000000000000004017945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4f6728b1e3ca512021-12-22 12:43:30.193root 11241100x80000000000000004017946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6eb11d81addb79a2021-12-22 12:43:30.194root 11241100x80000000000000004017947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e98b8591f4421c52021-12-22 12:43:30.194root 11241100x80000000000000004017948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa0ef67dae1b6f22021-12-22 12:43:30.194root 11241100x80000000000000004017949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254070717bf635f82021-12-22 12:43:30.194root 11241100x80000000000000004017950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf429b329c0a8e22021-12-22 12:43:30.194root 11241100x80000000000000004017951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082425170a9d1af02021-12-22 12:43:30.195root 11241100x80000000000000004017952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ea3f48c1d5211f2021-12-22 12:43:30.195root 11241100x80000000000000004017953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfbaee1c13b68712021-12-22 12:43:30.195root 11241100x80000000000000004017954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feabc8d27229e8732021-12-22 12:43:30.195root 11241100x80000000000000004017955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948e506dcd72784b2021-12-22 12:43:30.195root 11241100x80000000000000004017956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c1af34c0a41fce2021-12-22 12:43:30.195root 11241100x80000000000000004017957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bd1edc0f21f8f32021-12-22 12:43:30.195root 11241100x80000000000000004017958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989e2d0105904dbb2021-12-22 12:43:30.196root 11241100x80000000000000004017959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094a82522d23bffa2021-12-22 12:43:30.196root 11241100x80000000000000004017960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538ab4967cee786f2021-12-22 12:43:30.196root 11241100x80000000000000004017961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abb27a3d3e0be892021-12-22 12:43:30.196root 11241100x80000000000000004017962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6156cf3024743872021-12-22 12:43:30.196root 11241100x80000000000000004017963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb380f38ba64e502021-12-22 12:43:30.196root 11241100x80000000000000004017964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9be839f7775edec2021-12-22 12:43:30.196root 11241100x80000000000000004017965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d98494ee74c36782021-12-22 12:43:30.196root 11241100x80000000000000004017966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923e74e8a46327462021-12-22 12:43:30.197root 11241100x80000000000000004017967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0f7e91fa96a0ba2021-12-22 12:43:30.197root 11241100x80000000000000004017968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4355e79ba8990712021-12-22 12:43:30.197root 11241100x80000000000000004017969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0200bff2d5baa42021-12-22 12:43:30.197root 11241100x80000000000000004017970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af2c0600c9393b72021-12-22 12:43:30.197root 11241100x80000000000000004017971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65f96647b916f9e2021-12-22 12:43:30.197root 11241100x80000000000000004017972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5f0e6e112e69932021-12-22 12:43:30.197root 11241100x80000000000000004017973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2922c1ff924611b2021-12-22 12:43:30.197root 11241100x80000000000000004017974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecf556d242bc2522021-12-22 12:43:30.197root 11241100x80000000000000004017975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fae0349255dad0e2021-12-22 12:43:30.197root 11241100x80000000000000004017976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f06174cfe61d1c12021-12-22 12:43:30.198root 11241100x80000000000000004017977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a4e215da6f744f2021-12-22 12:43:30.198root 11241100x80000000000000004017978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1a40d232505a6f2021-12-22 12:43:30.693root 11241100x80000000000000004017979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2049a5e0eb23b0d02021-12-22 12:43:30.693root 11241100x80000000000000004017980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a53f9b357fb30a2021-12-22 12:43:30.693root 11241100x80000000000000004017981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178b5cab12926d442021-12-22 12:43:30.693root 11241100x80000000000000004017982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebac210ab330569f2021-12-22 12:43:30.693root 11241100x80000000000000004017983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427ffe5db655b9ab2021-12-22 12:43:30.693root 11241100x80000000000000004017984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e08c6ffcce841d2021-12-22 12:43:30.694root 11241100x80000000000000004017985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6b54cd5290ceb52021-12-22 12:43:30.694root 11241100x80000000000000004017986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0787530a829fd9d12021-12-22 12:43:30.694root 11241100x80000000000000004017987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcbe1173be1af7e2021-12-22 12:43:30.694root 11241100x80000000000000004017988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1a41867f02bd002021-12-22 12:43:30.694root 11241100x80000000000000004017989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4d4348f1f102472021-12-22 12:43:30.694root 11241100x80000000000000004017990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b35de8d6a1c4bc2021-12-22 12:43:30.694root 11241100x80000000000000004017991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1018ffbba0a544e2021-12-22 12:43:30.695root 11241100x80000000000000004017992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242feb2ef16d8d1e2021-12-22 12:43:30.695root 11241100x80000000000000004017993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da58eb721e68de0a2021-12-22 12:43:30.695root 11241100x80000000000000004017994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b78efb5d9216cb32021-12-22 12:43:30.695root 11241100x80000000000000004017995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43f3c337c8d913c2021-12-22 12:43:30.695root 11241100x80000000000000004017996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930f1fca39e2ebe52021-12-22 12:43:30.695root 11241100x80000000000000004017997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f913d136537374d02021-12-22 12:43:30.696root 11241100x80000000000000004017998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ca1d04f4c7418f2021-12-22 12:43:30.696root 11241100x80000000000000004017999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2209284e3187045e2021-12-22 12:43:30.696root 11241100x80000000000000004018000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc5599e4560f33a2021-12-22 12:43:30.696root 11241100x80000000000000004018001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0549637cab1555c72021-12-22 12:43:30.696root 11241100x80000000000000004018002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ae6e72ec91a9f82021-12-22 12:43:30.696root 11241100x80000000000000004018003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85348e5b175f7932021-12-22 12:43:30.696root 11241100x80000000000000004018004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f699a10bf718a762021-12-22 12:43:30.696root 11241100x80000000000000004018005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b98e9217e29d1a2021-12-22 12:43:30.697root 11241100x80000000000000004018006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69088d63f70e66d52021-12-22 12:43:30.697root 11241100x80000000000000004018007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67074a6bcd4d85a2021-12-22 12:43:30.697root 11241100x80000000000000004018008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9604c38837d202592021-12-22 12:43:30.697root 11241100x80000000000000004018009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4badc2e1836a3b2021-12-22 12:43:30.697root 11241100x80000000000000004018010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccb06c4171530592021-12-22 12:43:30.697root 11241100x80000000000000004018011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8894d6a75cdb35bd2021-12-22 12:43:30.697root 11241100x80000000000000004018012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:30.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07d68cefbd238922021-12-22 12:43:30.697root 11241100x80000000000000004018013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b5656b7d83aa992021-12-22 12:43:31.193root 11241100x80000000000000004018014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d73a420c10081942021-12-22 12:43:31.193root 11241100x80000000000000004018015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc9dade43b21a462021-12-22 12:43:31.193root 11241100x80000000000000004018016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aee0831b61ddff72021-12-22 12:43:31.193root 11241100x80000000000000004018017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b2a107bf9e3af12021-12-22 12:43:31.193root 11241100x80000000000000004018018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e476a0365a7487032021-12-22 12:43:31.193root 11241100x80000000000000004018019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b38abfe6aed7682021-12-22 12:43:31.194root 11241100x80000000000000004018020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b97bf73299d1bf2021-12-22 12:43:31.194root 11241100x80000000000000004018021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4950cea4775e8a752021-12-22 12:43:31.194root 11241100x80000000000000004018022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51009bacdc10d9582021-12-22 12:43:31.194root 11241100x80000000000000004018023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6d2578bad0fdd82021-12-22 12:43:31.194root 11241100x80000000000000004018024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbeb098f47c3e752021-12-22 12:43:31.194root 11241100x80000000000000004018025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fffb306763491272021-12-22 12:43:31.195root 11241100x80000000000000004018026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fda86ebb3cce8f72021-12-22 12:43:31.195root 11241100x80000000000000004018027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d587ef4a0d6b792021-12-22 12:43:31.195root 11241100x80000000000000004018028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55dcef7f20b45b912021-12-22 12:43:31.195root 11241100x80000000000000004018029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7dadfa93809dd72021-12-22 12:43:31.195root 11241100x80000000000000004018030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f764068c5179b8182021-12-22 12:43:31.195root 11241100x80000000000000004018031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb624055a8c90ed02021-12-22 12:43:31.196root 11241100x80000000000000004018032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707fd4e6ae79f81a2021-12-22 12:43:31.196root 11241100x80000000000000004018033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f339225b30cb5ed2021-12-22 12:43:31.196root 11241100x80000000000000004018034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af94930f362d3bf62021-12-22 12:43:31.196root 11241100x80000000000000004018035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f54b3640cd6c902021-12-22 12:43:31.196root 11241100x80000000000000004018036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2682a7332642292021-12-22 12:43:31.197root 11241100x80000000000000004018037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ff035981ce9b972021-12-22 12:43:31.197root 11241100x80000000000000004018038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af2251d5260ca842021-12-22 12:43:31.197root 11241100x80000000000000004018039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84eddf5f292145622021-12-22 12:43:31.197root 11241100x80000000000000004018040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7dab85720e6d1f2021-12-22 12:43:31.197root 11241100x80000000000000004018041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60327cf9f603cdf72021-12-22 12:43:31.197root 11241100x80000000000000004018042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b9f0c6b752fad42021-12-22 12:43:31.198root 11241100x80000000000000004018043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55eeace9f7fd39212021-12-22 12:43:31.198root 11241100x80000000000000004018044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2593a8c2bac47bf32021-12-22 12:43:31.198root 11241100x80000000000000004018045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d81b8d0d614aaa2021-12-22 12:43:31.198root 11241100x80000000000000004018046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e982fbfbbf0c266e2021-12-22 12:43:31.198root 11241100x80000000000000004018047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41309af270578cf72021-12-22 12:43:31.198root 11241100x80000000000000004018048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc7ba1f24fa907f2021-12-22 12:43:31.198root 11241100x80000000000000004018049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0519415ce4d4732021-12-22 12:43:31.199root 11241100x80000000000000004018050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d510a764af785a22021-12-22 12:43:31.199root 11241100x80000000000000004018051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b1de998b48854b2021-12-22 12:43:31.199root 11241100x80000000000000004018052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ccefb67b8a5f222021-12-22 12:43:31.199root 11241100x80000000000000004018053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8257be9241290042021-12-22 12:43:31.693root 11241100x80000000000000004018054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8024edec61c929142021-12-22 12:43:31.693root 11241100x80000000000000004018055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159c44a74e9437212021-12-22 12:43:31.693root 11241100x80000000000000004018056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a8e85ab197240a2021-12-22 12:43:31.693root 11241100x80000000000000004018057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091d87dcd124d0c32021-12-22 12:43:31.694root 11241100x80000000000000004018058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5d4caa1f13c5002021-12-22 12:43:31.694root 11241100x80000000000000004018059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f010be61e83e5ecf2021-12-22 12:43:31.694root 11241100x80000000000000004018060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f15a2b3ffce33372021-12-22 12:43:31.694root 11241100x80000000000000004018061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eed792af2d3c8bb2021-12-22 12:43:31.694root 11241100x80000000000000004018062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61a5f7cc541b7d52021-12-22 12:43:31.694root 11241100x80000000000000004018063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949d38730c3312822021-12-22 12:43:31.694root 11241100x80000000000000004018064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e049d08642155042021-12-22 12:43:31.694root 11241100x80000000000000004018065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce4b81b3b636a652021-12-22 12:43:31.695root 11241100x80000000000000004018066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dc2ebf78b5a8032021-12-22 12:43:31.695root 11241100x80000000000000004018067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722b58d09b822b262021-12-22 12:43:31.695root 11241100x80000000000000004018068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ec0b679f8fdc7c2021-12-22 12:43:31.695root 11241100x80000000000000004018069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c148b33dcb1f0d2021-12-22 12:43:31.695root 11241100x80000000000000004018070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06243a1e575cdcb82021-12-22 12:43:31.695root 11241100x80000000000000004018071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c563ddc98f9de772021-12-22 12:43:31.695root 11241100x80000000000000004018072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f4ee671fdbf7762021-12-22 12:43:31.695root 11241100x80000000000000004018073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe374770385e41632021-12-22 12:43:31.695root 11241100x80000000000000004018074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0526e0b2e459302021-12-22 12:43:31.696root 11241100x80000000000000004018075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2bbc2fb2d917802021-12-22 12:43:31.696root 11241100x80000000000000004018076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a1856c7fa51d892021-12-22 12:43:31.696root 11241100x80000000000000004018077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdd05a61c1f811f2021-12-22 12:43:31.696root 11241100x80000000000000004018078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed76d3de36caa702021-12-22 12:43:31.696root 11241100x80000000000000004018079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cf08515f211c362021-12-22 12:43:31.696root 11241100x80000000000000004018080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe6ba10f8b25f7d2021-12-22 12:43:31.696root 11241100x80000000000000004018081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265f0f341b6d23022021-12-22 12:43:31.696root 11241100x80000000000000004018082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcef2922a7325682021-12-22 12:43:31.696root 11241100x80000000000000004018083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fab9f560d2aa862021-12-22 12:43:31.697root 11241100x80000000000000004018084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0316fadc35d816fe2021-12-22 12:43:31.697root 11241100x80000000000000004018085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18691d9d43779d212021-12-22 12:43:31.697root 11241100x80000000000000004018086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732324292d2a63742021-12-22 12:43:31.697root 11241100x80000000000000004018087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deed3c5dbfcf1dee2021-12-22 12:43:31.697root 11241100x80000000000000004018088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10c42c19f4375392021-12-22 12:43:31.697root 11241100x80000000000000004018089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7e3aa2119fbd2d2021-12-22 12:43:31.697root 11241100x80000000000000004018090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551a88b2c6e833bf2021-12-22 12:43:31.698root 11241100x80000000000000004018091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859b69a9a8941ca82021-12-22 12:43:31.698root 11241100x80000000000000004018092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f07f8656b7825b2021-12-22 12:43:31.698root 11241100x80000000000000004018093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:31.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fcbbe11516be402021-12-22 12:43:31.698root 11241100x80000000000000004018094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572d927466de28192021-12-22 12:43:32.193root 11241100x80000000000000004018095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9b5ecc2df911052021-12-22 12:43:32.193root 11241100x80000000000000004018096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7255b0ddfecc4e692021-12-22 12:43:32.194root 11241100x80000000000000004018097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d42b762ea5f22982021-12-22 12:43:32.194root 11241100x80000000000000004018098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4abb107720fdd92021-12-22 12:43:32.194root 11241100x80000000000000004018099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d482573409d1fa2021-12-22 12:43:32.194root 11241100x80000000000000004018100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795225573b3bf0392021-12-22 12:43:32.194root 11241100x80000000000000004018101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb04a980acb45f7c2021-12-22 12:43:32.194root 11241100x80000000000000004018102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3787cf307cd182de2021-12-22 12:43:32.194root 11241100x80000000000000004018103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd55ceec8e209f5c2021-12-22 12:43:32.194root 11241100x80000000000000004018104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef6b375d68a998c2021-12-22 12:43:32.195root 11241100x80000000000000004018105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d5c4ee51f1828d2021-12-22 12:43:32.195root 11241100x80000000000000004018106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2677f4d369a7d4692021-12-22 12:43:32.195root 11241100x80000000000000004018107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7be0b841e8ef2372021-12-22 12:43:32.195root 11241100x80000000000000004018108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37105a9adecdc6122021-12-22 12:43:32.195root 11241100x80000000000000004018109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0544ad5d9cefb492021-12-22 12:43:32.195root 11241100x80000000000000004018110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5e65a4146c78ea2021-12-22 12:43:32.195root 11241100x80000000000000004018111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a154e27d73376f2021-12-22 12:43:32.195root 11241100x80000000000000004018112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b820d0857848b3c2021-12-22 12:43:32.196root 11241100x80000000000000004018113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7804273d676635b92021-12-22 12:43:32.196root 11241100x80000000000000004018114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ddb3b80e15abc022021-12-22 12:43:32.196root 11241100x80000000000000004018115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767c55343bdc01d52021-12-22 12:43:32.196root 11241100x80000000000000004018116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7280fa78382f36322021-12-22 12:43:32.196root 11241100x80000000000000004018117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7eaff3307678be2021-12-22 12:43:32.196root 11241100x80000000000000004018118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3f6ee798a8548b2021-12-22 12:43:32.196root 11241100x80000000000000004018119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1891ea9e445bc3ad2021-12-22 12:43:32.196root 11241100x80000000000000004018120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a806b466b6ce50022021-12-22 12:43:32.196root 11241100x80000000000000004018121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1e011c5d3931172021-12-22 12:43:32.196root 11241100x80000000000000004018122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897796330dbfe96b2021-12-22 12:43:32.197root 11241100x80000000000000004018123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4e6743b4e65e422021-12-22 12:43:32.197root 11241100x80000000000000004018124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df386a6b779b7df2021-12-22 12:43:32.197root 11241100x80000000000000004018125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ad969aaf7e47df2021-12-22 12:43:32.197root 11241100x80000000000000004018126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dd26d6bb294f732021-12-22 12:43:32.197root 11241100x80000000000000004018127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e914db0e7e6e5d2021-12-22 12:43:32.693root 11241100x80000000000000004018128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c169ebe7096e6c2021-12-22 12:43:32.693root 11241100x80000000000000004018129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559ac4312215c6ac2021-12-22 12:43:32.693root 11241100x80000000000000004018130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58bc182f8085bdb2021-12-22 12:43:32.694root 11241100x80000000000000004018131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763094e296461d1b2021-12-22 12:43:32.694root 11241100x80000000000000004018132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b9d537eb8b0b692021-12-22 12:43:32.694root 11241100x80000000000000004018133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6306d40a7d0f7ebf2021-12-22 12:43:32.694root 11241100x80000000000000004018134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef29777d0b0351062021-12-22 12:43:32.694root 11241100x80000000000000004018135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882cfcdb3db931f42021-12-22 12:43:32.694root 11241100x80000000000000004018136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905ad3d7061e13fd2021-12-22 12:43:32.694root 11241100x80000000000000004018137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0cf928727d55072021-12-22 12:43:32.695root 11241100x80000000000000004018138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2986d82ff1d4233d2021-12-22 12:43:32.695root 11241100x80000000000000004018139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8727acd4e6fb6dbf2021-12-22 12:43:32.695root 11241100x80000000000000004018140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2383201b933b3e3e2021-12-22 12:43:32.695root 11241100x80000000000000004018141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe356741bef74d102021-12-22 12:43:32.695root 11241100x80000000000000004018142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61234e8daf103faa2021-12-22 12:43:32.695root 11241100x80000000000000004018143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c38ecf78b548f92021-12-22 12:43:32.695root 11241100x80000000000000004018144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60dd070dbf69deb62021-12-22 12:43:32.695root 11241100x80000000000000004018145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07f4f9caa196e842021-12-22 12:43:32.695root 11241100x80000000000000004018146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbbeca03c2b4cd52021-12-22 12:43:32.695root 11241100x80000000000000004018147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c759a8f0053f01d52021-12-22 12:43:32.696root 11241100x80000000000000004018148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd8d50d991b7b9d2021-12-22 12:43:32.696root 11241100x80000000000000004018149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c965c2b19b81212021-12-22 12:43:32.696root 11241100x80000000000000004018150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc340675b02f8512021-12-22 12:43:32.696root 11241100x80000000000000004018151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6aa749b77b708f2021-12-22 12:43:32.696root 11241100x80000000000000004018152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997a48def90326c02021-12-22 12:43:32.696root 11241100x80000000000000004018153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cd036e8f5524782021-12-22 12:43:32.696root 11241100x80000000000000004018154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77919e647a7298462021-12-22 12:43:32.696root 11241100x80000000000000004018155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3eeb317fb8ab8b2021-12-22 12:43:32.697root 11241100x80000000000000004018156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20052a380dd843732021-12-22 12:43:32.697root 11241100x80000000000000004018157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed15ab18ac103c4f2021-12-22 12:43:32.697root 11241100x80000000000000004018158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cba8d33715b3c842021-12-22 12:43:32.697root 11241100x80000000000000004018159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b284878894af2462021-12-22 12:43:32.697root 11241100x80000000000000004018160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b184bf59c3ad38262021-12-22 12:43:32.698root 11241100x80000000000000004018161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ca89e04ddf338e2021-12-22 12:43:32.698root 11241100x80000000000000004018162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b756c4a7b534372021-12-22 12:43:32.698root 11241100x80000000000000004018163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852784d071cee8462021-12-22 12:43:32.698root 11241100x80000000000000004018164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59f1222e639dd9f2021-12-22 12:43:32.698root 11241100x80000000000000004018165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:32.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb56c6ddd7bd1d72021-12-22 12:43:32.699root 354300x80000000000000004018166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.048{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56816-false10.0.1.12-8000- 11241100x80000000000000004018167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d514510fd945a42021-12-22 12:43:33.049root 11241100x80000000000000004018168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f869bb5e1f8a0f2021-12-22 12:43:33.049root 11241100x80000000000000004018169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e8d0bb39d595322021-12-22 12:43:33.049root 11241100x80000000000000004018170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5284da0251edd6852021-12-22 12:43:33.049root 11241100x80000000000000004018171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108d7902b3ef2a1f2021-12-22 12:43:33.049root 11241100x80000000000000004018172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2170b97479e16242021-12-22 12:43:33.049root 11241100x80000000000000004018173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bde5c84128ae79c2021-12-22 12:43:33.049root 11241100x80000000000000004018174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6df78b04a9a9ae2021-12-22 12:43:33.050root 11241100x80000000000000004018175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607540065444b17e2021-12-22 12:43:33.050root 11241100x80000000000000004018176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed87736fcaaf90672021-12-22 12:43:33.050root 11241100x80000000000000004018177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723e9093272018d02021-12-22 12:43:33.050root 11241100x80000000000000004018178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94ae1d5ddc879572021-12-22 12:43:33.050root 11241100x80000000000000004018179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71a2d9bd2c144852021-12-22 12:43:33.050root 11241100x80000000000000004018180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9882f9860113512021-12-22 12:43:33.050root 11241100x80000000000000004018181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ecbf93657c190c2021-12-22 12:43:33.051root 11241100x80000000000000004018182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bf3f95321896622021-12-22 12:43:33.051root 11241100x80000000000000004018183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c0c73aa56caf082021-12-22 12:43:33.051root 11241100x80000000000000004018184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7faef7583df0f3112021-12-22 12:43:33.051root 11241100x80000000000000004018185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2507b555f7c3a02021-12-22 12:43:33.051root 11241100x80000000000000004018186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006fd49f81c6f46e2021-12-22 12:43:33.052root 11241100x80000000000000004018187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf08852536fda912021-12-22 12:43:33.052root 11241100x80000000000000004018188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1d191c1b435b612021-12-22 12:43:33.052root 11241100x80000000000000004018189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f843df51311d65c2021-12-22 12:43:33.052root 11241100x80000000000000004018190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc00032d4d91c392021-12-22 12:43:33.052root 11241100x80000000000000004018191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0155d55886de162021-12-22 12:43:33.052root 11241100x80000000000000004018192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0dc3ec60475d5e42021-12-22 12:43:33.052root 11241100x80000000000000004018193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d3df9f87867be02021-12-22 12:43:33.053root 11241100x80000000000000004018194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e19a0b1dbbc2aad2021-12-22 12:43:33.053root 11241100x80000000000000004018195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d7880ec548679d2021-12-22 12:43:33.053root 11241100x80000000000000004018196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ade3038385ef992021-12-22 12:43:33.053root 11241100x80000000000000004018197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c3ab92506aade82021-12-22 12:43:33.053root 11241100x80000000000000004018198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f526af1a7b812e2021-12-22 12:43:33.053root 11241100x80000000000000004018199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe006fd642fa7d02021-12-22 12:43:33.053root 11241100x80000000000000004018200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93fcf7af35ba87a2021-12-22 12:43:33.053root 11241100x80000000000000004018201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.054{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8daf28d1c0563de2021-12-22 12:43:33.054root 11241100x80000000000000004018202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.054{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1281de16351b3d6d2021-12-22 12:43:33.054root 11241100x80000000000000004018203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.054{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5c98d1b4a77a432021-12-22 12:43:33.054root 11241100x80000000000000004018204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.054{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc6d9ecbe7bccd62021-12-22 12:43:33.054root 11241100x80000000000000004018205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.054{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b971f3a1520a1a372021-12-22 12:43:33.054root 11241100x80000000000000004018206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842fa11189577a9e2021-12-22 12:43:33.055root 11241100x80000000000000004018207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9abc2b8d0d9e232021-12-22 12:43:33.055root 11241100x80000000000000004018208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d2d06837d9f53f2021-12-22 12:43:33.055root 11241100x80000000000000004018209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25999dffa428fa3a2021-12-22 12:43:33.055root 11241100x80000000000000004018210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94938fff7d78787b2021-12-22 12:43:33.055root 11241100x80000000000000004018211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.055{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c75272c6942c762021-12-22 12:43:33.055root 11241100x80000000000000004018212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafa17a61cfc689c2021-12-22 12:43:33.056root 11241100x80000000000000004018213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.124{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 12:43:33.124root 11241100x80000000000000004018214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4484d309cb528eb22021-12-22 12:43:33.443root 11241100x80000000000000004018215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fef4e8f9eaad2e2021-12-22 12:43:33.443root 11241100x80000000000000004018216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad714b6ee9de6d9e2021-12-22 12:43:33.443root 11241100x80000000000000004018217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f7f57448c8822b2021-12-22 12:43:33.443root 11241100x80000000000000004018218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d0cf75b0dfb0d92021-12-22 12:43:33.443root 11241100x80000000000000004018219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8a1019332a64e62021-12-22 12:43:33.443root 11241100x80000000000000004018220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b39419af7decbc2021-12-22 12:43:33.443root 11241100x80000000000000004018221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064ccb72634dde8e2021-12-22 12:43:33.444root 11241100x80000000000000004018222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e942c672358f0232021-12-22 12:43:33.444root 11241100x80000000000000004018223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092a9bb8717bcb5f2021-12-22 12:43:33.444root 11241100x80000000000000004018224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e959296855d09d702021-12-22 12:43:33.444root 11241100x80000000000000004018225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f585f3f23023a382021-12-22 12:43:33.444root 11241100x80000000000000004018226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab0b268edc86fdd2021-12-22 12:43:33.445root 11241100x80000000000000004018227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154808db74576e472021-12-22 12:43:33.445root 11241100x80000000000000004018228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706021fc67ed51672021-12-22 12:43:33.445root 11241100x80000000000000004018229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c59d5b147d61812021-12-22 12:43:33.445root 11241100x80000000000000004018230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee74f22c37370aa42021-12-22 12:43:33.445root 11241100x80000000000000004018231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb7ab7ec3c8ab652021-12-22 12:43:33.446root 11241100x80000000000000004018232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1881bc822f3cf6202021-12-22 12:43:33.446root 11241100x80000000000000004018233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c738ae4169d2dfda2021-12-22 12:43:33.446root 11241100x80000000000000004018234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181711f72758ce422021-12-22 12:43:33.446root 11241100x80000000000000004018235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c00a87a7a9ccd42021-12-22 12:43:33.447root 11241100x80000000000000004018236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075e83196bc9ac702021-12-22 12:43:33.447root 11241100x80000000000000004018237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff150f0ba1c44e52021-12-22 12:43:33.447root 11241100x80000000000000004018238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad088a60cb8a4752021-12-22 12:43:33.447root 11241100x80000000000000004018239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe5b1072abcd9f22021-12-22 12:43:33.447root 11241100x80000000000000004018240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370060ce88628afa2021-12-22 12:43:33.448root 11241100x80000000000000004018241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8d220659f62bb52021-12-22 12:43:33.448root 11241100x80000000000000004018242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f4c5133bfcda632021-12-22 12:43:33.448root 11241100x80000000000000004018243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8388479bcd8fb2c72021-12-22 12:43:33.448root 11241100x80000000000000004018244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64311c0cc50445b12021-12-22 12:43:33.449root 11241100x80000000000000004018245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332ce52413356c152021-12-22 12:43:33.449root 11241100x80000000000000004018246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8eecc41bae6703f2021-12-22 12:43:33.449root 11241100x80000000000000004018247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc11e0e0a4ef1b32021-12-22 12:43:33.449root 11241100x80000000000000004018248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0d20f7434508a32021-12-22 12:43:33.450root 11241100x80000000000000004018249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09dda47fbed744a32021-12-22 12:43:33.450root 11241100x80000000000000004018250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f07029796e3c9db2021-12-22 12:43:33.450root 11241100x80000000000000004018251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c39c617f4c8b012021-12-22 12:43:33.450root 11241100x80000000000000004018252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8108cdc4df8cddaf2021-12-22 12:43:33.450root 11241100x80000000000000004018253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0427217c91751f8e2021-12-22 12:43:33.943root 11241100x80000000000000004018254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c1b9feabe6b17c2021-12-22 12:43:33.943root 11241100x80000000000000004018255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336b1e5e5b2850e92021-12-22 12:43:33.944root 11241100x80000000000000004018256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbb99b8b3d5436c2021-12-22 12:43:33.944root 11241100x80000000000000004018257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec4e65c86cc88312021-12-22 12:43:33.944root 11241100x80000000000000004018258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a03fde6437c97252021-12-22 12:43:33.945root 11241100x80000000000000004018259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b27f6e6c132aae2021-12-22 12:43:33.945root 11241100x80000000000000004018260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65727954fd5c08cc2021-12-22 12:43:33.945root 11241100x80000000000000004018261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e645c1c2b2df6b792021-12-22 12:43:33.945root 11241100x80000000000000004018262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3561b13ce696d8162021-12-22 12:43:33.945root 11241100x80000000000000004018263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b921e1dc923b63ab2021-12-22 12:43:33.945root 11241100x80000000000000004018264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8280ca5d8e14a802021-12-22 12:43:33.945root 11241100x80000000000000004018265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3ece5bc7fa29d12021-12-22 12:43:33.946root 11241100x80000000000000004018266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7dd5584cc4b19f2021-12-22 12:43:33.946root 11241100x80000000000000004018267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3872fd465ea164d2021-12-22 12:43:33.946root 11241100x80000000000000004018268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3b7023ddfb07572021-12-22 12:43:33.946root 11241100x80000000000000004018269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745d92ca68a33c502021-12-22 12:43:33.946root 11241100x80000000000000004018270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1aa703080a114e2021-12-22 12:43:33.946root 11241100x80000000000000004018271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b49c210b7564e42021-12-22 12:43:33.946root 11241100x80000000000000004018272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8176fd9916c90d2021-12-22 12:43:33.947root 11241100x80000000000000004018273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6af01927fb762572021-12-22 12:43:33.947root 11241100x80000000000000004018274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790915b6202f1aec2021-12-22 12:43:33.947root 11241100x80000000000000004018275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d361601574c3562021-12-22 12:43:33.947root 11241100x80000000000000004018276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c60c4c4ba4a9682021-12-22 12:43:33.947root 11241100x80000000000000004018277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb3786828ba1d4c2021-12-22 12:43:33.947root 11241100x80000000000000004018278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c51923b47f345582021-12-22 12:43:33.948root 11241100x80000000000000004018279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4704768bb12278852021-12-22 12:43:33.948root 11241100x80000000000000004018280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688a729c9336b3f52021-12-22 12:43:33.948root 11241100x80000000000000004018281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b812dc8fe016f9662021-12-22 12:43:33.948root 11241100x80000000000000004018282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce68019b0a9ec382021-12-22 12:43:33.948root 11241100x80000000000000004018283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85edaa8e0aae99eb2021-12-22 12:43:33.948root 11241100x80000000000000004018284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee24789defed6f42021-12-22 12:43:33.948root 11241100x80000000000000004018285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aadec15995c18122021-12-22 12:43:33.949root 11241100x80000000000000004018286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2676d7dcc860f182021-12-22 12:43:33.949root 11241100x80000000000000004018287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:33.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb4204f2b97d8ea2021-12-22 12:43:33.949root 354300x80000000000000004018288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.293{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-43882-false10.0.1.12-8089- 11241100x80000000000000004018289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c79818d039e645f2021-12-22 12:43:34.294root 11241100x80000000000000004018290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4930e2da715c252021-12-22 12:43:34.294root 11241100x80000000000000004018291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d445bcbc25721d402021-12-22 12:43:34.294root 11241100x80000000000000004018292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cd5cde9c54171b2021-12-22 12:43:34.294root 11241100x80000000000000004018293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53eac5924b7b550f2021-12-22 12:43:34.294root 11241100x80000000000000004018294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a45a3ba97eea56e2021-12-22 12:43:34.294root 11241100x80000000000000004018295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9560beb2179c13162021-12-22 12:43:34.294root 11241100x80000000000000004018296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0744b65b0d6a1a2021-12-22 12:43:34.294root 11241100x80000000000000004018297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10e31e7342dc1342021-12-22 12:43:34.294root 11241100x80000000000000004018298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.294{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734845c3a39b22ca2021-12-22 12:43:34.294root 11241100x80000000000000004018299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faece57cbadb1ba52021-12-22 12:43:34.295root 11241100x80000000000000004018300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c644de841ad1af2021-12-22 12:43:34.295root 11241100x80000000000000004018301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c97f7ecdbc0ee72021-12-22 12:43:34.295root 11241100x80000000000000004018302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f4058dbcfe7e482021-12-22 12:43:34.295root 11241100x80000000000000004018303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faac88aa75a578362021-12-22 12:43:34.295root 11241100x80000000000000004018304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396bbebe4b3033602021-12-22 12:43:34.295root 11241100x80000000000000004018305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcddb1dcc37242b62021-12-22 12:43:34.295root 11241100x80000000000000004018306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3cfd7d692479722021-12-22 12:43:34.295root 11241100x80000000000000004018307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82f5af7053f12912021-12-22 12:43:34.295root 11241100x80000000000000004018308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91e6a01ec19b27d2021-12-22 12:43:34.295root 11241100x80000000000000004018309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec0a71a599b49e22021-12-22 12:43:34.295root 11241100x80000000000000004018310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ac247eadf218902021-12-22 12:43:34.295root 11241100x80000000000000004018311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.295{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c5d35ede4ed8fb2021-12-22 12:43:34.295root 11241100x80000000000000004018312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582b468ee835aaf42021-12-22 12:43:34.296root 11241100x80000000000000004018313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb8a482b629b7fb2021-12-22 12:43:34.296root 11241100x80000000000000004018314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aaf225706355b232021-12-22 12:43:34.296root 11241100x80000000000000004018315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48b5c4f55a5308e2021-12-22 12:43:34.296root 11241100x80000000000000004018316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762f1aa0231e7e502021-12-22 12:43:34.296root 11241100x80000000000000004018317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0feadd03b9738392021-12-22 12:43:34.296root 11241100x80000000000000004018318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34236561dc6765532021-12-22 12:43:34.296root 11241100x80000000000000004018319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b4b554cf06ba292021-12-22 12:43:34.296root 11241100x80000000000000004018320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b3f5a6af693e3b2021-12-22 12:43:34.296root 11241100x80000000000000004018321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a7f687a2d38c9e2021-12-22 12:43:34.296root 11241100x80000000000000004018322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1ed955215908b72021-12-22 12:43:34.296root 11241100x80000000000000004018323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.296{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efa597c283687612021-12-22 12:43:34.296root 11241100x80000000000000004018324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941b67d8322391952021-12-22 12:43:34.297root 11241100x80000000000000004018325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd50fa116b6fa6b2021-12-22 12:43:34.297root 11241100x80000000000000004018326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b93c7186e65af72021-12-22 12:43:34.297root 11241100x80000000000000004018327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7c57119a3665362021-12-22 12:43:34.297root 11241100x80000000000000004018328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b6f7163b6617fa2021-12-22 12:43:34.297root 11241100x80000000000000004018329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6d8a5927841e722021-12-22 12:43:34.297root 11241100x80000000000000004018330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738837c03470b3322021-12-22 12:43:34.297root 11241100x80000000000000004018331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fdc57a8eddb7bb2021-12-22 12:43:34.297root 11241100x80000000000000004018332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bf9f342799f36d2021-12-22 12:43:34.297root 11241100x80000000000000004018333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c91e96f6395dba2021-12-22 12:43:34.297root 11241100x80000000000000004018334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5730ddb719d9972021-12-22 12:43:34.297root 11241100x80000000000000004018335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d133350aacbe3f2021-12-22 12:43:34.297root 11241100x80000000000000004018336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bc937151f46fc12021-12-22 12:43:34.297root 11241100x80000000000000004018337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d43862810a852062021-12-22 12:43:34.297root 11241100x80000000000000004018338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6211ebeb98c8ac2021-12-22 12:43:34.297root 11241100x80000000000000004018339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.297{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d1cf6348cd9b002021-12-22 12:43:34.297root 11241100x80000000000000004018340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.298{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a1f37d44ef85dd2021-12-22 12:43:34.298root 11241100x80000000000000004018341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.298{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c4ef75b10a588a2021-12-22 12:43:34.298root 11241100x80000000000000004018342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30b83969c0f7f722021-12-22 12:43:34.299root 11241100x80000000000000004018343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d16d4aa1fa50372021-12-22 12:43:34.299root 11241100x80000000000000004018344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0837976d613fc9a2021-12-22 12:43:34.299root 11241100x80000000000000004018345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a428110ab92b0a52021-12-22 12:43:34.299root 11241100x80000000000000004018346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02abc6988fc2391e2021-12-22 12:43:34.299root 11241100x80000000000000004018347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e7d09dfe02d90d2021-12-22 12:43:34.299root 11241100x80000000000000004018348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9be88944b83ded2021-12-22 12:43:34.300root 11241100x80000000000000004018349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bb95115fa366b52021-12-22 12:43:34.300root 11241100x80000000000000004018350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dca812126bbb8c32021-12-22 12:43:34.300root 11241100x80000000000000004018351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6cf5a72eb6c51d2021-12-22 12:43:34.300root 11241100x80000000000000004018352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0ce3b93d11dcc62021-12-22 12:43:34.300root 11241100x80000000000000004018353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3cce6965926e3c2021-12-22 12:43:34.300root 11241100x80000000000000004018354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2d2141ecca6df22021-12-22 12:43:34.300root 11241100x80000000000000004018355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5f5e18d7bea1562021-12-22 12:43:34.300root 11241100x80000000000000004018356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f16dc96a911f31e2021-12-22 12:43:34.300root 11241100x80000000000000004018357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96be1619f76bfeae2021-12-22 12:43:34.300root 11241100x80000000000000004018358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189be8218c854ba92021-12-22 12:43:34.300root 11241100x80000000000000004018359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c05d030d135b4892021-12-22 12:43:34.300root 11241100x80000000000000004018360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5befb7c620526d632021-12-22 12:43:34.301root 11241100x80000000000000004018361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4021849c05b510ee2021-12-22 12:43:34.301root 11241100x80000000000000004018362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28af2b65d42527e32021-12-22 12:43:34.301root 11241100x80000000000000004018363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bae73d971c5a3cf2021-12-22 12:43:34.301root 11241100x80000000000000004018364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444a5a0567f1a2ff2021-12-22 12:43:34.301root 11241100x80000000000000004018365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce06376c44a81cf72021-12-22 12:43:34.301root 11241100x80000000000000004018366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145eb2463baa8b1a2021-12-22 12:43:34.302root 11241100x80000000000000004018367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db121865eaa5f632021-12-22 12:43:34.303root 11241100x80000000000000004018368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063f4d6f62a311c02021-12-22 12:43:34.303root 11241100x80000000000000004018369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dd5f60647a71982021-12-22 12:43:34.303root 11241100x80000000000000004018370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8bc1be228f24952021-12-22 12:43:34.303root 11241100x80000000000000004018371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c2c6e55c52ab612021-12-22 12:43:34.303root 11241100x80000000000000004018372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f4cb16580dd4f72021-12-22 12:43:34.303root 11241100x80000000000000004018373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1182dd06a3349cb72021-12-22 12:43:34.303root 11241100x80000000000000004018374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f3f13fdb536f942021-12-22 12:43:34.303root 11241100x80000000000000004018375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08dac823c25404c2021-12-22 12:43:34.692root 11241100x80000000000000004018376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3547c00deefd36a62021-12-22 12:43:34.693root 11241100x80000000000000004018377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293dc4dc576a38ca2021-12-22 12:43:34.693root 11241100x80000000000000004018378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4bc00f49c589cf2021-12-22 12:43:34.693root 11241100x80000000000000004018379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d18c87090357e92021-12-22 12:43:34.694root 11241100x80000000000000004018380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9ecc830c3f0d852021-12-22 12:43:34.694root 11241100x80000000000000004018381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23126a2d6b3c3eac2021-12-22 12:43:34.694root 11241100x80000000000000004018382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0c6ce6557a03de2021-12-22 12:43:34.694root 11241100x80000000000000004018383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0de24397caf9012021-12-22 12:43:34.694root 11241100x80000000000000004018384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9845055101bee5c62021-12-22 12:43:34.695root 11241100x80000000000000004018385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cdb56cf1098a1e22021-12-22 12:43:34.695root 11241100x80000000000000004018386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9469ea1b5c32d94f2021-12-22 12:43:34.695root 11241100x80000000000000004018387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf12a4c0eb0161952021-12-22 12:43:34.696root 11241100x80000000000000004018388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0acdbe1c36748bd2021-12-22 12:43:34.696root 11241100x80000000000000004018389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001f3ee5de4b620a2021-12-22 12:43:34.696root 11241100x80000000000000004018390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9dd04abcd6ae9332021-12-22 12:43:34.696root 11241100x80000000000000004018391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86eae9634d10790a2021-12-22 12:43:34.697root 11241100x80000000000000004018392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9f608c994f9e102021-12-22 12:43:34.697root 11241100x80000000000000004018393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092d9cbb8462983d2021-12-22 12:43:34.697root 11241100x80000000000000004018394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cdae5f463e97c72021-12-22 12:43:34.697root 11241100x80000000000000004018395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f95732cd45aa982021-12-22 12:43:34.698root 11241100x80000000000000004018396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db4330aaad179c72021-12-22 12:43:34.698root 11241100x80000000000000004018397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ca3d9ddbd8a3402021-12-22 12:43:34.698root 11241100x80000000000000004018398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcbe22d4ff37b372021-12-22 12:43:34.698root 11241100x80000000000000004018399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e608f74af9f5632021-12-22 12:43:34.699root 11241100x80000000000000004018400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ebd8f6c1b4017e2021-12-22 12:43:34.699root 11241100x80000000000000004018401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725825f07440ab232021-12-22 12:43:34.699root 11241100x80000000000000004018402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafedbf13b9b1f342021-12-22 12:43:34.699root 11241100x80000000000000004018403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e626c967d48e57f82021-12-22 12:43:34.700root 11241100x80000000000000004018404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6df6c2ee53bf5342021-12-22 12:43:34.700root 11241100x80000000000000004018405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a40811027217dd32021-12-22 12:43:34.700root 11241100x80000000000000004018406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bafa52014a6871d2021-12-22 12:43:34.700root 11241100x80000000000000004018407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096da4e9fce2fc1b2021-12-22 12:43:34.700root 11241100x80000000000000004018408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effe81ba699b76472021-12-22 12:43:34.700root 11241100x80000000000000004018409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d50077383fa0552021-12-22 12:43:34.700root 11241100x80000000000000004018410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a92670820dcc93a2021-12-22 12:43:34.700root 11241100x80000000000000004018411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ad9cf39db2d0be2021-12-22 12:43:34.700root 11241100x80000000000000004018412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c812b1d466c42def2021-12-22 12:43:34.701root 11241100x80000000000000004018413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00b4dd9ed1df0312021-12-22 12:43:34.701root 11241100x80000000000000004018414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58952d779cac0a2e2021-12-22 12:43:34.701root 11241100x80000000000000004018415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03ba3dd5c09cc5e2021-12-22 12:43:34.701root 11241100x80000000000000004018416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a159e04997a7c62021-12-22 12:43:34.701root 11241100x80000000000000004018417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02aef51b6f6ed332021-12-22 12:43:34.701root 11241100x80000000000000004018418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa340b499481d59b2021-12-22 12:43:35.193root 11241100x80000000000000004018419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b7e2d4303d0fb62021-12-22 12:43:35.193root 11241100x80000000000000004018420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0202969eec1991322021-12-22 12:43:35.193root 11241100x80000000000000004018421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ef6bffbe8f31552021-12-22 12:43:35.193root 11241100x80000000000000004018422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a0b2751973acab2021-12-22 12:43:35.194root 11241100x80000000000000004018423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7e0c0f2093f63e2021-12-22 12:43:35.194root 11241100x80000000000000004018424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645de171c3b5ec852021-12-22 12:43:35.194root 11241100x80000000000000004018425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7280975a55bc0b1a2021-12-22 12:43:35.194root 11241100x80000000000000004018426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d20916b940f30722021-12-22 12:43:35.194root 11241100x80000000000000004018427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca084df455f62e52021-12-22 12:43:35.194root 11241100x80000000000000004018428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cc391caf70da1a2021-12-22 12:43:35.194root 11241100x80000000000000004018429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0d714565c69a1b2021-12-22 12:43:35.194root 11241100x80000000000000004018430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45d6f61889fe7cc2021-12-22 12:43:35.194root 11241100x80000000000000004018431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2c6577a25f33ad2021-12-22 12:43:35.195root 11241100x80000000000000004018432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33cec9ca10a885c2021-12-22 12:43:35.195root 11241100x80000000000000004018433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41866bd59040174b2021-12-22 12:43:35.195root 11241100x80000000000000004018434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a81e7b157dcbf062021-12-22 12:43:35.195root 11241100x80000000000000004018435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ae0631f091bc572021-12-22 12:43:35.195root 11241100x80000000000000004018436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8fdd984e1390c52021-12-22 12:43:35.195root 11241100x80000000000000004018437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6066d75253d6a32021-12-22 12:43:35.196root 11241100x80000000000000004018438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60333c5178d6db732021-12-22 12:43:35.196root 11241100x80000000000000004018439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708be887ee0f5e2a2021-12-22 12:43:35.196root 11241100x80000000000000004018440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6572294d5ca3e13b2021-12-22 12:43:35.196root 11241100x80000000000000004018441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deeef0b304326e7a2021-12-22 12:43:35.196root 11241100x80000000000000004018442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a474fdc1b5d7e30f2021-12-22 12:43:35.196root 11241100x80000000000000004018443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14db8b3106395ce2021-12-22 12:43:35.197root 11241100x80000000000000004018444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b80a5db2e29b022021-12-22 12:43:35.197root 11241100x80000000000000004018445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fceaf71ec1e69ac02021-12-22 12:43:35.197root 11241100x80000000000000004018446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91f160b023f74f02021-12-22 12:43:35.198root 11241100x80000000000000004018447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af525a44e1818bac2021-12-22 12:43:35.198root 11241100x80000000000000004018448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb1bf2af3229bc92021-12-22 12:43:35.198root 11241100x80000000000000004018449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703e4d14076517542021-12-22 12:43:35.198root 11241100x80000000000000004018450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd36021bef1958452021-12-22 12:43:35.198root 11241100x80000000000000004018451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609397258fb486642021-12-22 12:43:35.198root 11241100x80000000000000004018452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a13c5a9635c35c2021-12-22 12:43:35.199root 11241100x80000000000000004018453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8915d2a41c531b852021-12-22 12:43:35.199root 11241100x80000000000000004018454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4259be029a5b67d2021-12-22 12:43:35.693root 11241100x80000000000000004018455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360efaf9c07088cf2021-12-22 12:43:35.693root 11241100x80000000000000004018456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749a648445f6130e2021-12-22 12:43:35.694root 11241100x80000000000000004018457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3113d8d52ffad82021-12-22 12:43:35.694root 11241100x80000000000000004018458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448e07b32ef2b8dd2021-12-22 12:43:35.694root 11241100x80000000000000004018459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c2995e5ba2f9c22021-12-22 12:43:35.694root 11241100x80000000000000004018460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3135a9c86c0ab7882021-12-22 12:43:35.694root 11241100x80000000000000004018461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcfbd607139ac022021-12-22 12:43:35.695root 11241100x80000000000000004018462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa47ffd2ff7e5a82021-12-22 12:43:35.695root 11241100x80000000000000004018463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717159813c43e36c2021-12-22 12:43:35.695root 11241100x80000000000000004018464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff82341663f5cbb2021-12-22 12:43:35.695root 11241100x80000000000000004018465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779e8cc842930e682021-12-22 12:43:35.695root 11241100x80000000000000004018466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60ccc372c51830e2021-12-22 12:43:35.695root 11241100x80000000000000004018467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9862351fbb0b542021-12-22 12:43:35.695root 11241100x80000000000000004018468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd41ee2c21971bc12021-12-22 12:43:35.696root 11241100x80000000000000004018469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709197238ec4ebc92021-12-22 12:43:35.696root 11241100x80000000000000004018470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff18a0d67f4e07622021-12-22 12:43:35.696root 11241100x80000000000000004018471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455e0780461b92f52021-12-22 12:43:35.696root 11241100x80000000000000004018472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809824a5dab456232021-12-22 12:43:35.696root 11241100x80000000000000004018473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3374bf40f621b8c52021-12-22 12:43:35.696root 11241100x80000000000000004018474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48378798f5f99b92021-12-22 12:43:35.696root 11241100x80000000000000004018475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dc3a91720bbdc52021-12-22 12:43:35.696root 11241100x80000000000000004018476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfe69650a8501642021-12-22 12:43:35.696root 11241100x80000000000000004018477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae3380b1130a4452021-12-22 12:43:35.697root 11241100x80000000000000004018478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ea7ea1379d31b92021-12-22 12:43:35.697root 11241100x80000000000000004018479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0638687b3ce2672021-12-22 12:43:35.697root 11241100x80000000000000004018480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c843136f8adb9d2021-12-22 12:43:35.697root 11241100x80000000000000004018481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2078498f5610bc2021-12-22 12:43:35.697root 11241100x80000000000000004018482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92e15c1f2f13d3f2021-12-22 12:43:35.697root 11241100x80000000000000004018483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244bfe7c1a3038c72021-12-22 12:43:35.697root 11241100x80000000000000004018484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94831dba959f57b32021-12-22 12:43:35.697root 11241100x80000000000000004018485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2bbbb8a1b454ce2021-12-22 12:43:35.697root 11241100x80000000000000004018486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20655652350866d2021-12-22 12:43:35.697root 11241100x80000000000000004018487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e0fa38d463b2f92021-12-22 12:43:35.698root 11241100x80000000000000004018488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c1e8b7120f07562021-12-22 12:43:35.698root 11241100x80000000000000004018489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6072880f352bac242021-12-22 12:43:35.698root 11241100x80000000000000004018490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:35.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810afe606cf3664b2021-12-22 12:43:35.698root 11241100x80000000000000004018491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe10b438da777ec22021-12-22 12:43:36.193root 11241100x80000000000000004018492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04583d529ee4db0d2021-12-22 12:43:36.193root 11241100x80000000000000004018493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ddfa48629edfe12021-12-22 12:43:36.193root 11241100x80000000000000004018494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67ad935d1cf07562021-12-22 12:43:36.193root 11241100x80000000000000004018495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b42486598e7318e2021-12-22 12:43:36.194root 11241100x80000000000000004018496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf9c7fde579b25e2021-12-22 12:43:36.194root 11241100x80000000000000004018497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd0958caf4632e22021-12-22 12:43:36.194root 11241100x80000000000000004018498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f485ac0f7ba99142021-12-22 12:43:36.194root 11241100x80000000000000004018499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376f457bac96c9b32021-12-22 12:43:36.194root 11241100x80000000000000004018500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b88ab0879f2255c2021-12-22 12:43:36.194root 11241100x80000000000000004018501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7113a2633415cec42021-12-22 12:43:36.194root 11241100x80000000000000004018502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4caacd8c4bd7752021-12-22 12:43:36.194root 11241100x80000000000000004018503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9101b5bd83a76dba2021-12-22 12:43:36.194root 11241100x80000000000000004018504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db0d032dd121a0c2021-12-22 12:43:36.194root 11241100x80000000000000004018505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4961219b829393c42021-12-22 12:43:36.195root 11241100x80000000000000004018506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2a7317522c09812021-12-22 12:43:36.195root 11241100x80000000000000004018507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe753c47c36a362b2021-12-22 12:43:36.195root 11241100x80000000000000004018508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6726217131da7d642021-12-22 12:43:36.195root 11241100x80000000000000004018509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8825c2c0d77c0de2021-12-22 12:43:36.195root 11241100x80000000000000004018510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13af86b3293a67e2021-12-22 12:43:36.195root 11241100x80000000000000004018511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b6b01667cda7212021-12-22 12:43:36.195root 11241100x80000000000000004018512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb22a76c8b041f62021-12-22 12:43:36.195root 11241100x80000000000000004018513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b8b08173a4b3332021-12-22 12:43:36.196root 11241100x80000000000000004018514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041adb7f7c2b00032021-12-22 12:43:36.196root 11241100x80000000000000004018515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160c60bbf2aa22db2021-12-22 12:43:36.196root 11241100x80000000000000004018516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2848c7cd4c42fe2021-12-22 12:43:36.196root 11241100x80000000000000004018517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c917b7cf591206c2021-12-22 12:43:36.196root 11241100x80000000000000004018518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf798232ebeca11e2021-12-22 12:43:36.196root 11241100x80000000000000004018519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b4756901a684b52021-12-22 12:43:36.196root 11241100x80000000000000004018520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6126d0581e1bfa902021-12-22 12:43:36.196root 11241100x80000000000000004018521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fdff6fda02e4d12021-12-22 12:43:36.196root 11241100x80000000000000004018522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa084250fef786f82021-12-22 12:43:36.196root 11241100x80000000000000004018523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18aae84272ef5f9e2021-12-22 12:43:36.196root 11241100x80000000000000004018524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884ad0285a734ac12021-12-22 12:43:36.197root 11241100x80000000000000004018525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2d52c7f8df2a1d2021-12-22 12:43:36.197root 11241100x80000000000000004018526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9153424e2e6c6cbd2021-12-22 12:43:36.197root 11241100x80000000000000004018527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e94a4314b6da2882021-12-22 12:43:36.692root 11241100x80000000000000004018528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d104a48f52d4b22021-12-22 12:43:36.693root 11241100x80000000000000004018529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0428a56153db61a02021-12-22 12:43:36.693root 11241100x80000000000000004018530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2886bf389a552b42021-12-22 12:43:36.693root 11241100x80000000000000004018531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817162559af067b92021-12-22 12:43:36.693root 11241100x80000000000000004018532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff94fe89fce2dba2021-12-22 12:43:36.693root 11241100x80000000000000004018533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a61a4ce1ff8c502021-12-22 12:43:36.693root 11241100x80000000000000004018534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6196020964e73a4e2021-12-22 12:43:36.693root 11241100x80000000000000004018535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a8308674d90bbf2021-12-22 12:43:36.694root 11241100x80000000000000004018536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e91314615c579262021-12-22 12:43:36.694root 11241100x80000000000000004018537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac55c23bf139cd1a2021-12-22 12:43:36.694root 11241100x80000000000000004018538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6435b185aba6d162021-12-22 12:43:36.694root 11241100x80000000000000004018539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb4979994b1378e2021-12-22 12:43:36.694root 11241100x80000000000000004018540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8398c94648b3693d2021-12-22 12:43:36.694root 11241100x80000000000000004018541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a78f7f2a8641a82021-12-22 12:43:36.694root 11241100x80000000000000004018542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732958b21ca4cb8a2021-12-22 12:43:36.695root 11241100x80000000000000004018543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715bc890d879df0f2021-12-22 12:43:36.695root 11241100x80000000000000004018544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d499ca46ad9ceb52021-12-22 12:43:36.695root 11241100x80000000000000004018545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fde2d5788c119002021-12-22 12:43:36.695root 11241100x80000000000000004018546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57156472d9945d912021-12-22 12:43:36.695root 11241100x80000000000000004018547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad643e913817c59f2021-12-22 12:43:36.695root 11241100x80000000000000004018548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e1ea7c39f6d3c22021-12-22 12:43:36.695root 11241100x80000000000000004018549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46143f5976b741ec2021-12-22 12:43:36.696root 11241100x80000000000000004018550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80db0e5d28284292021-12-22 12:43:36.696root 11241100x80000000000000004018551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10a00e434cb8acd2021-12-22 12:43:36.697root 11241100x80000000000000004018552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd5a2165ed280522021-12-22 12:43:36.697root 11241100x80000000000000004018553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5418788c5a3e6faa2021-12-22 12:43:36.697root 11241100x80000000000000004018554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bdfc13516401132021-12-22 12:43:36.698root 11241100x80000000000000004018555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8606f7b264919002021-12-22 12:43:36.698root 11241100x80000000000000004018556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e97ec907c3cab72021-12-22 12:43:36.698root 11241100x80000000000000004018557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb211a4f203edb0b2021-12-22 12:43:36.698root 11241100x80000000000000004018558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e33c4c753d2d0772021-12-22 12:43:36.698root 11241100x80000000000000004018559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ed89af925be58e2021-12-22 12:43:36.698root 11241100x80000000000000004018560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f6293553ca7f212021-12-22 12:43:36.698root 11241100x80000000000000004018561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1f438276b948b72021-12-22 12:43:36.699root 11241100x80000000000000004018562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dc57559f4f8ed12021-12-22 12:43:36.699root 11241100x80000000000000004018563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cad1c8b3b9c1f62021-12-22 12:43:36.699root 11241100x80000000000000004018564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4e9cc9f45c298e2021-12-22 12:43:36.699root 11241100x80000000000000004018565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92cb4da5e3b8ba792021-12-22 12:43:36.699root 11241100x80000000000000004018566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66de44f43559889a2021-12-22 12:43:36.699root 11241100x80000000000000004018567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5c3c70454936b72021-12-22 12:43:36.699root 11241100x80000000000000004018568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376d6f2dd0b457452021-12-22 12:43:36.699root 11241100x80000000000000004018569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548899c9143f4c742021-12-22 12:43:37.192root 11241100x80000000000000004018570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b040af47e9e055d92021-12-22 12:43:37.193root 11241100x80000000000000004018571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc59e3d82ba818082021-12-22 12:43:37.193root 11241100x80000000000000004018572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed494041761dc8682021-12-22 12:43:37.194root 11241100x80000000000000004018573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac72b503e4a4bbd22021-12-22 12:43:37.194root 11241100x80000000000000004018574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9380642cf12467a72021-12-22 12:43:37.195root 11241100x80000000000000004018575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46f91b1a8b18d052021-12-22 12:43:37.195root 11241100x80000000000000004018576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5b6abb15439bbb2021-12-22 12:43:37.195root 11241100x80000000000000004018577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd08cd9f0fb5f3c2021-12-22 12:43:37.196root 11241100x80000000000000004018578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c0881c815ca75c2021-12-22 12:43:37.196root 11241100x80000000000000004018579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6d5d4a57dacec52021-12-22 12:43:37.196root 11241100x80000000000000004018580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0292ae9eb0158a4d2021-12-22 12:43:37.197root 11241100x80000000000000004018581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c13adc16118b7442021-12-22 12:43:37.197root 11241100x80000000000000004018582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb91d14ec4a5bb62021-12-22 12:43:37.197root 11241100x80000000000000004018583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187ea54bb407bf542021-12-22 12:43:37.197root 11241100x80000000000000004018584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcba9cef087226b92021-12-22 12:43:37.198root 11241100x80000000000000004018585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400f56fbcfac844a2021-12-22 12:43:37.198root 11241100x80000000000000004018586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6db79bb9fa7d4752021-12-22 12:43:37.198root 11241100x80000000000000004018587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06aeec8b0f0e1492021-12-22 12:43:37.198root 11241100x80000000000000004018588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632561adb89107b22021-12-22 12:43:37.198root 11241100x80000000000000004018589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3f0166cc4d94c82021-12-22 12:43:37.198root 11241100x80000000000000004018590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f704974746a90e5e2021-12-22 12:43:37.199root 11241100x80000000000000004018591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ae1b8352868cc62021-12-22 12:43:37.199root 11241100x80000000000000004018592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b107406c5efd5de82021-12-22 12:43:37.199root 11241100x80000000000000004018593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1678a64172e866e22021-12-22 12:43:37.199root 11241100x80000000000000004018594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bcf92a6156ebbf2021-12-22 12:43:37.199root 11241100x80000000000000004018595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd88a897d7dac6e22021-12-22 12:43:37.199root 11241100x80000000000000004018596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b2cb94f9ee75972021-12-22 12:43:37.199root 11241100x80000000000000004018597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6da154b7f130922021-12-22 12:43:37.200root 11241100x80000000000000004018598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ebb5985963281f2021-12-22 12:43:37.200root 11241100x80000000000000004018599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af433fbee49b3f042021-12-22 12:43:37.200root 11241100x80000000000000004018600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5748521937e4872021-12-22 12:43:37.200root 11241100x80000000000000004018601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebe500dfedc8a512021-12-22 12:43:37.200root 11241100x80000000000000004018602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf43d386fe64e8a82021-12-22 12:43:37.200root 11241100x80000000000000004018603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efaeb8f4355c2222021-12-22 12:43:37.200root 11241100x80000000000000004018604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ac92bfa650f9cb2021-12-22 12:43:37.200root 11241100x80000000000000004018605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64cf4ef11ff3db382021-12-22 12:43:37.200root 11241100x80000000000000004018606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41aaa1ce05a15552021-12-22 12:43:37.201root 11241100x80000000000000004018607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cf1310d9b7018b2021-12-22 12:43:37.201root 11241100x80000000000000004018608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e0ca9ae48d93ec2021-12-22 12:43:37.693root 11241100x80000000000000004018609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e494c773bb2a5e2021-12-22 12:43:37.693root 11241100x80000000000000004018610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35668d5b90d2a5d2021-12-22 12:43:37.693root 11241100x80000000000000004018611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973ef5b8c79911692021-12-22 12:43:37.693root 11241100x80000000000000004018612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab47a6842f100a652021-12-22 12:43:37.694root 11241100x80000000000000004018613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0858de5f4dc6e9172021-12-22 12:43:37.694root 11241100x80000000000000004018614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c08d9891635dbc2021-12-22 12:43:37.694root 11241100x80000000000000004018615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b8eac8ba1a373a2021-12-22 12:43:37.694root 11241100x80000000000000004018616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9903088db6cb502021-12-22 12:43:37.694root 11241100x80000000000000004018617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5074e04c30d406f82021-12-22 12:43:37.694root 11241100x80000000000000004018618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a93e30ee99b95ae2021-12-22 12:43:37.694root 11241100x80000000000000004018619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd7765cd658223a2021-12-22 12:43:37.695root 11241100x80000000000000004018620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b526a6725a7a65d82021-12-22 12:43:37.695root 11241100x80000000000000004018621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5614404eb14b0a912021-12-22 12:43:37.695root 11241100x80000000000000004018622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45910821a6232a382021-12-22 12:43:37.695root 11241100x80000000000000004018623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae86778c4415cb22021-12-22 12:43:37.695root 11241100x80000000000000004018624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9687d7065b7f03ae2021-12-22 12:43:37.695root 11241100x80000000000000004018625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aedf4f8d73b62aa2021-12-22 12:43:37.696root 11241100x80000000000000004018626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b535c3d15be4d3412021-12-22 12:43:37.696root 11241100x80000000000000004018627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9932b0f55709eae52021-12-22 12:43:37.696root 11241100x80000000000000004018628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092ed4f0adec46a72021-12-22 12:43:37.696root 11241100x80000000000000004018629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3502886646dbf15d2021-12-22 12:43:37.696root 11241100x80000000000000004018630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d06dc35079625992021-12-22 12:43:37.697root 11241100x80000000000000004018631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5471fcadb8e98232021-12-22 12:43:37.697root 11241100x80000000000000004018632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498b27b75fdb2e362021-12-22 12:43:37.697root 11241100x80000000000000004018633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbc7265efac6bce2021-12-22 12:43:37.697root 11241100x80000000000000004018634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e764e3469957d1382021-12-22 12:43:37.697root 11241100x80000000000000004018635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac79995790311a812021-12-22 12:43:37.697root 11241100x80000000000000004018636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e282b8d0b3d5442021-12-22 12:43:37.698root 11241100x80000000000000004018637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789766ca3b95ead32021-12-22 12:43:37.698root 11241100x80000000000000004018638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4db4f6a027137062021-12-22 12:43:37.698root 11241100x80000000000000004018639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33387e2115fe09da2021-12-22 12:43:37.698root 11241100x80000000000000004018640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b97efc538beb622021-12-22 12:43:37.698root 11241100x80000000000000004018641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af98ade78501c2ab2021-12-22 12:43:37.699root 11241100x80000000000000004018642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee81dbdc0ed0aee2021-12-22 12:43:37.699root 11241100x80000000000000004018643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfdef714f8910da2021-12-22 12:43:37.699root 11241100x80000000000000004018644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cf57dff17579022021-12-22 12:43:37.699root 11241100x80000000000000004018645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25455db4cb54af282021-12-22 12:43:37.699root 11241100x80000000000000004018646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a3640ef081b4352021-12-22 12:43:37.699root 11241100x80000000000000004018647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c187071f1873392021-12-22 12:43:37.699root 11241100x80000000000000004018648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba16752eef867eea2021-12-22 12:43:37.700root 11241100x80000000000000004018649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0e2a8e6398302a2021-12-22 12:43:37.700root 11241100x80000000000000004018650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522c0818ef3f01c92021-12-22 12:43:37.700root 11241100x80000000000000004018651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ca3567a9dc92962021-12-22 12:43:37.700root 11241100x80000000000000004018652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012d7bc53091e6772021-12-22 12:43:37.700root 11241100x80000000000000004018653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c332b008ba7f3a582021-12-22 12:43:37.701root 11241100x80000000000000004018654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:37.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1ec7c9af6cdc402021-12-22 12:43:37.701root 354300x80000000000000004018655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.081{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56820-false10.0.1.12-8000- 11241100x80000000000000004018656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b831ac94b71e24e32021-12-22 12:43:38.082root 11241100x80000000000000004018657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8add882e80dfb512021-12-22 12:43:38.082root 11241100x80000000000000004018658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ff0196feb0a1972021-12-22 12:43:38.082root 11241100x80000000000000004018659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da1c4d47ca652522021-12-22 12:43:38.082root 11241100x80000000000000004018660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba320d0d0ed7e4be2021-12-22 12:43:38.082root 11241100x80000000000000004018661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6014c1599dc903d22021-12-22 12:43:38.083root 11241100x80000000000000004018662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b2e0845adfce412021-12-22 12:43:38.083root 11241100x80000000000000004018663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9dfa15038b3464c2021-12-22 12:43:38.083root 11241100x80000000000000004018664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6078e1298ff11d052021-12-22 12:43:38.083root 11241100x80000000000000004018665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb96d366853a0c9e2021-12-22 12:43:38.083root 11241100x80000000000000004018666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddbb1cb8f9d09bb2021-12-22 12:43:38.083root 11241100x80000000000000004018667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e27f46300057482021-12-22 12:43:38.083root 11241100x80000000000000004018668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354659e767c722812021-12-22 12:43:38.083root 11241100x80000000000000004018669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d4a5335ab958fb2021-12-22 12:43:38.083root 11241100x80000000000000004018670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db31be5de5a13442021-12-22 12:43:38.083root 11241100x80000000000000004018671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64caab98d7403f402021-12-22 12:43:38.084root 11241100x80000000000000004018672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d063d03970c9252021-12-22 12:43:38.084root 11241100x80000000000000004018673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0366a0edd2f50c02021-12-22 12:43:38.084root 11241100x80000000000000004018674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1523c60e2c7d77c92021-12-22 12:43:38.084root 11241100x80000000000000004018675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78688ac5c0c41d672021-12-22 12:43:38.084root 11241100x80000000000000004018676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabd928b9c8c1cbf2021-12-22 12:43:38.084root 11241100x80000000000000004018677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5367d1b5319fb532021-12-22 12:43:38.084root 11241100x80000000000000004018678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cb5b926b538a282021-12-22 12:43:38.084root 11241100x80000000000000004018679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59346bff715e690b2021-12-22 12:43:38.084root 11241100x80000000000000004018680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18541d8d241f642f2021-12-22 12:43:38.084root 11241100x80000000000000004018681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6508f8eea8d57cec2021-12-22 12:43:38.085root 11241100x80000000000000004018682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094e45ac7a83bb322021-12-22 12:43:38.085root 11241100x80000000000000004018683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b48f6971a3e12db2021-12-22 12:43:38.085root 11241100x80000000000000004018684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42d22a30c11a7292021-12-22 12:43:38.085root 11241100x80000000000000004018685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9937e572af31012021-12-22 12:43:38.085root 11241100x80000000000000004018686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4128a68b8811dc6c2021-12-22 12:43:38.085root 11241100x80000000000000004018687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e940e42db36bcf2021-12-22 12:43:38.085root 11241100x80000000000000004018688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f465de35471aa7812021-12-22 12:43:38.086root 11241100x80000000000000004018689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae27fa5974b598082021-12-22 12:43:38.086root 11241100x80000000000000004018690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b3114d92cd03ec2021-12-22 12:43:38.086root 11241100x80000000000000004018691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a05e0c8b9ecc082021-12-22 12:43:38.086root 11241100x80000000000000004018692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1958272dac88f3642021-12-22 12:43:38.086root 11241100x80000000000000004018693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedca6e3df5d15a52021-12-22 12:43:38.086root 11241100x80000000000000004018694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3e05c1e60005e72021-12-22 12:43:38.086root 11241100x80000000000000004018695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a90519e9043ba312021-12-22 12:43:38.086root 11241100x80000000000000004018696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97533742ea04cf852021-12-22 12:43:38.086root 11241100x80000000000000004018697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc3dc4ba0aa234c2021-12-22 12:43:38.087root 11241100x80000000000000004018698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5bcec2e3a610602021-12-22 12:43:38.087root 11241100x80000000000000004018699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bbad76623b40c22021-12-22 12:43:38.087root 11241100x80000000000000004018700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bab8c3308a64d622021-12-22 12:43:38.087root 11241100x80000000000000004018701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1af460b6dac49bd2021-12-22 12:43:38.087root 11241100x80000000000000004018702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e5e720b650013d2021-12-22 12:43:38.443root 11241100x80000000000000004018703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce5e185356020462021-12-22 12:43:38.443root 11241100x80000000000000004018704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb3526cc746488e2021-12-22 12:43:38.443root 11241100x80000000000000004018705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5351a815b10041732021-12-22 12:43:38.444root 11241100x80000000000000004018706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8499051338dd69f92021-12-22 12:43:38.444root 11241100x80000000000000004018707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ea62809df79f522021-12-22 12:43:38.444root 11241100x80000000000000004018708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64a8582c54fe3122021-12-22 12:43:38.445root 11241100x80000000000000004018709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f66333ae535c972021-12-22 12:43:38.447root 11241100x80000000000000004018710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9407704da0e8f90d2021-12-22 12:43:38.447root 11241100x80000000000000004018711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c59783855436682021-12-22 12:43:38.447root 11241100x80000000000000004018712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a5b93dffcf9a832021-12-22 12:43:38.447root 11241100x80000000000000004018713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bc8cc9411f25be2021-12-22 12:43:38.447root 11241100x80000000000000004018714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087b00c3e490f1892021-12-22 12:43:38.447root 11241100x80000000000000004018715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96b629bcb0a66722021-12-22 12:43:38.447root 11241100x80000000000000004018716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5322cf1f3603fe262021-12-22 12:43:38.447root 11241100x80000000000000004018717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc41c7d3ead690512021-12-22 12:43:38.448root 11241100x80000000000000004018718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe6efc78ba591402021-12-22 12:43:38.448root 11241100x80000000000000004018719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5465e73e1b59797a2021-12-22 12:43:38.448root 11241100x80000000000000004018720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4888b365847e04d2021-12-22 12:43:38.448root 11241100x80000000000000004018721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ff080979f21e262021-12-22 12:43:38.448root 11241100x80000000000000004018722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b3b2d62dc7d4bc2021-12-22 12:43:38.449root 11241100x80000000000000004018723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db230a89d6c735f2021-12-22 12:43:38.449root 11241100x80000000000000004018724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6d03092ed522112021-12-22 12:43:38.449root 11241100x80000000000000004018725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a228d54107623582021-12-22 12:43:38.449root 11241100x80000000000000004018726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebd3b95f690bb8a2021-12-22 12:43:38.449root 11241100x80000000000000004018727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70dcfe6bdbea5b452021-12-22 12:43:38.449root 11241100x80000000000000004018728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b7f76728fcf4302021-12-22 12:43:38.449root 11241100x80000000000000004018729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7baed51174ee16d2021-12-22 12:43:38.449root 11241100x80000000000000004018730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9751a86cd3ff9c172021-12-22 12:43:38.449root 11241100x80000000000000004018731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638d1e3cbad911c32021-12-22 12:43:38.450root 11241100x80000000000000004018732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837d759f1b76b5692021-12-22 12:43:38.450root 11241100x80000000000000004018733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f179c52cbdf34342021-12-22 12:43:38.450root 11241100x80000000000000004018734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9611f21a9086ba8b2021-12-22 12:43:38.450root 11241100x80000000000000004018735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c726ba584d717692021-12-22 12:43:38.450root 11241100x80000000000000004018736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860698985d6b85222021-12-22 12:43:38.450root 11241100x80000000000000004018737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f125addc4b9fbe782021-12-22 12:43:38.450root 11241100x80000000000000004018738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12913a3ed678b3632021-12-22 12:43:38.450root 11241100x80000000000000004018739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3334b847269cd2a2021-12-22 12:43:38.450root 11241100x80000000000000004018740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cee5455acf2d892021-12-22 12:43:38.450root 11241100x80000000000000004018741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123fc173edf6b2c92021-12-22 12:43:38.451root 11241100x80000000000000004018742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2581ee38f306c5f52021-12-22 12:43:38.451root 11241100x80000000000000004018743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6ab86e4ae4c67a2021-12-22 12:43:38.451root 11241100x80000000000000004018744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a15c1b9d9a145de2021-12-22 12:43:38.451root 11241100x80000000000000004018745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619ec57e2ac4be032021-12-22 12:43:38.451root 11241100x80000000000000004018746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9185158b6580d5d42021-12-22 12:43:38.943root 11241100x80000000000000004018747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516b9ce8eac282342021-12-22 12:43:38.943root 11241100x80000000000000004018748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3258d16276c4cac52021-12-22 12:43:38.943root 11241100x80000000000000004018749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f2eba11c6902242021-12-22 12:43:38.943root 11241100x80000000000000004018750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc165d03f23ad9972021-12-22 12:43:38.943root 11241100x80000000000000004018751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c2cbd5b115e6b32021-12-22 12:43:38.943root 11241100x80000000000000004018752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b804b9b9ccb474f2021-12-22 12:43:38.943root 11241100x80000000000000004018753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a079ef3875323ac02021-12-22 12:43:38.943root 11241100x80000000000000004018754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed1f958d2d6519f2021-12-22 12:43:38.943root 11241100x80000000000000004018755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecdba4627318bac2021-12-22 12:43:38.944root 11241100x80000000000000004018756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4522a37f4f12d12021-12-22 12:43:38.944root 11241100x80000000000000004018757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9495e293e3ea69d2021-12-22 12:43:38.944root 11241100x80000000000000004018758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74920709db3ecde12021-12-22 12:43:38.944root 11241100x80000000000000004018759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e53592e74b6e9b2021-12-22 12:43:38.944root 11241100x80000000000000004018760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8731be903ef640f32021-12-22 12:43:38.944root 11241100x80000000000000004018761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c90d9af6d6b85d2021-12-22 12:43:38.944root 11241100x80000000000000004018762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94334a69f9035c472021-12-22 12:43:38.945root 11241100x80000000000000004018763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ba7c96dff4f1222021-12-22 12:43:38.945root 11241100x80000000000000004018764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf131802596d567d2021-12-22 12:43:38.945root 11241100x80000000000000004018765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098ff6ed77e29e592021-12-22 12:43:38.945root 11241100x80000000000000004018766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d1e755129e32812021-12-22 12:43:38.945root 11241100x80000000000000004018767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0be6bcd70843d82021-12-22 12:43:38.946root 11241100x80000000000000004018768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c3fa021dda80e32021-12-22 12:43:38.946root 11241100x80000000000000004018769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8112a48d8b32853b2021-12-22 12:43:38.946root 11241100x80000000000000004018770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67a919f53921c872021-12-22 12:43:38.946root 11241100x80000000000000004018771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec636efb166b8c7a2021-12-22 12:43:38.946root 11241100x80000000000000004018772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53156504da3fa532021-12-22 12:43:38.946root 11241100x80000000000000004018773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d9301a89a859e92021-12-22 12:43:38.946root 11241100x80000000000000004018774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3647bae5d5f86e2021-12-22 12:43:38.946root 11241100x80000000000000004018775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3568e5da17e6b82021-12-22 12:43:38.947root 11241100x80000000000000004018776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4291c2c40da363bd2021-12-22 12:43:38.947root 11241100x80000000000000004018777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ffedc23764b6432021-12-22 12:43:38.947root 11241100x80000000000000004018778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66824f7ae8d5786d2021-12-22 12:43:38.947root 11241100x80000000000000004018779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3801ed160983f9632021-12-22 12:43:38.947root 11241100x80000000000000004018780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b79ba1c5ee06532021-12-22 12:43:38.947root 11241100x80000000000000004018781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea7a2da72b9f3ff2021-12-22 12:43:38.947root 11241100x80000000000000004018782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1264fbb172985302021-12-22 12:43:38.947root 11241100x80000000000000004018783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93073b00c1cdf3332021-12-22 12:43:38.947root 11241100x80000000000000004018784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b6cc44d544dd0f2021-12-22 12:43:38.948root 11241100x80000000000000004018785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c60e7dc571e9fa32021-12-22 12:43:38.948root 11241100x80000000000000004018786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ad345a00b604b92021-12-22 12:43:38.948root 11241100x80000000000000004018787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b7b641619f16262021-12-22 12:43:38.948root 11241100x80000000000000004018788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2ca2d1ebdfdd652021-12-22 12:43:38.948root 11241100x80000000000000004018789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c34d2f08536b1e2021-12-22 12:43:38.948root 11241100x80000000000000004018790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d654ba37de24a12021-12-22 12:43:38.948root 11241100x80000000000000004018791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c153232119da0892021-12-22 12:43:38.948root 11241100x80000000000000004018792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b6e0d20d45b34d2021-12-22 12:43:38.949root 11241100x80000000000000004018793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8500bdbacf7448382021-12-22 12:43:38.949root 11241100x80000000000000004018794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d534c14f0b4f785f2021-12-22 12:43:38.949root 11241100x80000000000000004018795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f474b921497cee2021-12-22 12:43:38.949root 11241100x80000000000000004018796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941efae9ad72b9e32021-12-22 12:43:38.949root 11241100x80000000000000004018797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd332a0a456dc392021-12-22 12:43:38.949root 11241100x80000000000000004018798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483ba30d7de813f12021-12-22 12:43:38.949root 11241100x80000000000000004018799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e56b104275ac052021-12-22 12:43:38.950root 11241100x80000000000000004018800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2923111d5802130d2021-12-22 12:43:38.950root 23542300x80000000000000004018801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:38.969{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004018802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a839a36ebff5b122021-12-22 12:43:39.443root 11241100x80000000000000004018803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd754e687dd849272021-12-22 12:43:39.443root 11241100x80000000000000004018804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe7d9d344c602e82021-12-22 12:43:39.443root 11241100x80000000000000004018805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755b8a0cad5f27342021-12-22 12:43:39.444root 11241100x80000000000000004018806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e16ba2df931a712021-12-22 12:43:39.444root 11241100x80000000000000004018807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04aaed971b7e8ccb2021-12-22 12:43:39.444root 11241100x80000000000000004018808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fb9559aac085f72021-12-22 12:43:39.444root 11241100x80000000000000004018809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf71681b51e842e2021-12-22 12:43:39.444root 11241100x80000000000000004018810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7188b6b01963db012021-12-22 12:43:39.444root 11241100x80000000000000004018811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be5872920662d5b2021-12-22 12:43:39.444root 11241100x80000000000000004018812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349c3d9b9b6022b22021-12-22 12:43:39.445root 11241100x80000000000000004018813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0992e8b993ff3f2021-12-22 12:43:39.445root 11241100x80000000000000004018814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d96cea387d8efbe2021-12-22 12:43:39.445root 11241100x80000000000000004018815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22564ff2fa0cd2402021-12-22 12:43:39.445root 11241100x80000000000000004018816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b40f43c76f89bfd2021-12-22 12:43:39.446root 11241100x80000000000000004018817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccdb0e3f85361e72021-12-22 12:43:39.446root 11241100x80000000000000004018818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fb925ffd70134b2021-12-22 12:43:39.446root 11241100x80000000000000004018819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8265a385624e872021-12-22 12:43:39.446root 11241100x80000000000000004018820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba81a1752c3e86912021-12-22 12:43:39.447root 11241100x80000000000000004018821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7c027453764cc42021-12-22 12:43:39.447root 11241100x80000000000000004018822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a87698a2e3109e2021-12-22 12:43:39.447root 11241100x80000000000000004018823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afc80c64aa8f6642021-12-22 12:43:39.448root 11241100x80000000000000004018824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58be8ba23973d1a22021-12-22 12:43:39.448root 11241100x80000000000000004018825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1963b35d0b4612ce2021-12-22 12:43:39.448root 11241100x80000000000000004018826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d6fda6b3cd6f3f2021-12-22 12:43:39.448root 11241100x80000000000000004018827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbd01369e57bff62021-12-22 12:43:39.448root 11241100x80000000000000004018828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7ff5f9358841e52021-12-22 12:43:39.448root 11241100x80000000000000004018829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db265359fe6d0c7e2021-12-22 12:43:39.449root 11241100x80000000000000004018830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a642ab5cfb587f42021-12-22 12:43:39.449root 11241100x80000000000000004018831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d5cdd75267b9e82021-12-22 12:43:39.449root 11241100x80000000000000004018832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12be0773dfff372f2021-12-22 12:43:39.449root 11241100x80000000000000004018833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6569f295d1a6f582021-12-22 12:43:39.449root 11241100x80000000000000004018834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e4fd61cfffa6e02021-12-22 12:43:39.449root 11241100x80000000000000004018835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa6b814857646862021-12-22 12:43:39.449root 11241100x80000000000000004018836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d900fb640bec3d982021-12-22 12:43:39.449root 11241100x80000000000000004018837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5846b28e89da5a2021-12-22 12:43:39.450root 11241100x80000000000000004018838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cab23e8350fa042021-12-22 12:43:39.450root 11241100x80000000000000004018839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc70bfb59260d6a2021-12-22 12:43:39.450root 11241100x80000000000000004018840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56675e99473a52f92021-12-22 12:43:39.450root 11241100x80000000000000004018841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384ba4371e782c342021-12-22 12:43:39.451root 11241100x80000000000000004018842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16505d5280df08932021-12-22 12:43:39.451root 11241100x80000000000000004018843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe974eff51add8262021-12-22 12:43:39.451root 11241100x80000000000000004018844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25194c58b72e83152021-12-22 12:43:39.451root 11241100x80000000000000004018845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be74cbaa55c63f5d2021-12-22 12:43:39.452root 11241100x80000000000000004018846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea72cdaee7e95c322021-12-22 12:43:39.452root 11241100x80000000000000004018847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0889c701e9909e592021-12-22 12:43:39.452root 11241100x80000000000000004018848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160fe0655a4e1cbf2021-12-22 12:43:39.452root 11241100x80000000000000004018849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2911c30f149a40c2021-12-22 12:43:39.453root 11241100x80000000000000004018850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0efc42e08ad695b2021-12-22 12:43:39.453root 11241100x80000000000000004018851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850bad8245bbaa842021-12-22 12:43:39.453root 11241100x80000000000000004018852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca52b53fd23cf6202021-12-22 12:43:39.453root 11241100x80000000000000004018853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a313aa3eddfefba2021-12-22 12:43:39.454root 11241100x80000000000000004018854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e033f2a1c0ca701f2021-12-22 12:43:39.943root 11241100x80000000000000004018855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596a9d5e3302de8d2021-12-22 12:43:39.943root 11241100x80000000000000004018856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ea69bf1977a07c2021-12-22 12:43:39.943root 11241100x80000000000000004018857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdea27619e841532021-12-22 12:43:39.944root 11241100x80000000000000004018858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139cfac91152b0532021-12-22 12:43:39.944root 11241100x80000000000000004018859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5525bec478f8a0f2021-12-22 12:43:39.944root 11241100x80000000000000004018860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cba8c0029f57d2e2021-12-22 12:43:39.944root 11241100x80000000000000004018861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81423bbcaa0f77e2021-12-22 12:43:39.944root 11241100x80000000000000004018862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6ac38a08c45e472021-12-22 12:43:39.944root 11241100x80000000000000004018863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4f073130b9c9a82021-12-22 12:43:39.944root 11241100x80000000000000004018864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64ef74ddb723cf92021-12-22 12:43:39.944root 11241100x80000000000000004018865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130485e8f52056822021-12-22 12:43:39.945root 11241100x80000000000000004018866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6db2c66c837fa482021-12-22 12:43:39.945root 11241100x80000000000000004018867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dad21c4dac5746a2021-12-22 12:43:39.945root 11241100x80000000000000004018868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490962ce54c52be92021-12-22 12:43:39.945root 11241100x80000000000000004018869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aab3d0596b665512021-12-22 12:43:39.945root 11241100x80000000000000004018870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb754465245b4382021-12-22 12:43:39.945root 11241100x80000000000000004018871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f60abec74725182021-12-22 12:43:39.945root 11241100x80000000000000004018872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bff3261ef27da962021-12-22 12:43:39.946root 11241100x80000000000000004018873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f145fdc859212062021-12-22 12:43:39.946root 11241100x80000000000000004018874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55beecd0a5bd5c972021-12-22 12:43:39.946root 11241100x80000000000000004018875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9783f9a86781803f2021-12-22 12:43:39.946root 11241100x80000000000000004018876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0769598b8cd4fb042021-12-22 12:43:39.946root 11241100x80000000000000004018877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e431588f91dcde2021-12-22 12:43:39.946root 11241100x80000000000000004018878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7066b3ad2b7d62df2021-12-22 12:43:39.947root 11241100x80000000000000004018879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93345144f60b6f212021-12-22 12:43:39.947root 11241100x80000000000000004018880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8565542c57e9c23f2021-12-22 12:43:39.947root 11241100x80000000000000004018881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49c82e504e222932021-12-22 12:43:39.947root 11241100x80000000000000004018882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbc96537a90dcf52021-12-22 12:43:39.947root 11241100x80000000000000004018883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9e34042d81dd3f2021-12-22 12:43:39.947root 11241100x80000000000000004018884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2697ddca769e51e2021-12-22 12:43:39.947root 11241100x80000000000000004018885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc50c653eb6ab7052021-12-22 12:43:39.947root 11241100x80000000000000004018886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25606c5d4a95ceb92021-12-22 12:43:39.947root 11241100x80000000000000004018887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ede7193b67194192021-12-22 12:43:39.948root 11241100x80000000000000004018888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd6c22647c06ae92021-12-22 12:43:39.948root 11241100x80000000000000004018889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faba6c19e8c2abda2021-12-22 12:43:39.948root 11241100x80000000000000004018890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44e79a9c4346fdb2021-12-22 12:43:39.948root 11241100x80000000000000004018891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16098f1f856433552021-12-22 12:43:39.948root 11241100x80000000000000004018892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fec5de44b0f8de42021-12-22 12:43:39.948root 11241100x80000000000000004018893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200994ffe54cee302021-12-22 12:43:39.949root 11241100x80000000000000004018894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c4ba1365fc14032021-12-22 12:43:39.949root 11241100x80000000000000004018895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728a8b08964b255c2021-12-22 12:43:39.949root 11241100x80000000000000004018896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc48024e4ec75362021-12-22 12:43:39.949root 11241100x80000000000000004018897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da8c6bd313b78162021-12-22 12:43:39.949root 11241100x80000000000000004018898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d6f90c370399d42021-12-22 12:43:39.949root 11241100x80000000000000004018899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7849f2a3e1f79652021-12-22 12:43:39.950root 11241100x80000000000000004018900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43190042db258ee2021-12-22 12:43:39.950root 11241100x80000000000000004018901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e898dc89825fc12021-12-22 12:43:39.950root 11241100x80000000000000004018902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75f894c2d471e612021-12-22 12:43:39.950root 11241100x80000000000000004018903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5267ca33a93bef862021-12-22 12:43:39.950root 11241100x80000000000000004018904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4967b4fb7e50fed52021-12-22 12:43:39.950root 11241100x80000000000000004018905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b993c0f077ad5b2021-12-22 12:43:39.951root 11241100x80000000000000004018906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094b3d91f4efae8f2021-12-22 12:43:39.951root 11241100x80000000000000004018907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:39.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9e9523e9397fe02021-12-22 12:43:39.951root 11241100x80000000000000004018908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631190f1c0f1b5b22021-12-22 12:43:40.443root 11241100x80000000000000004018909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0448967843a1a642021-12-22 12:43:40.443root 11241100x80000000000000004018910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8347b238f336cd2021-12-22 12:43:40.444root 11241100x80000000000000004018911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4408fad3c35c8c02021-12-22 12:43:40.444root 11241100x80000000000000004018912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5591b900932ab2ec2021-12-22 12:43:40.445root 11241100x80000000000000004018913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b625f46e48c8c1a2021-12-22 12:43:40.445root 11241100x80000000000000004018914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a0c784f17c64c12021-12-22 12:43:40.445root 11241100x80000000000000004018915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c958c90015b96f152021-12-22 12:43:40.445root 11241100x80000000000000004018916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b69156a9a938af02021-12-22 12:43:40.445root 11241100x80000000000000004018917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d7744abe5016fe2021-12-22 12:43:40.445root 11241100x80000000000000004018918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d379a8c89d0e459d2021-12-22 12:43:40.445root 11241100x80000000000000004018919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd629b3cedc85092021-12-22 12:43:40.445root 11241100x80000000000000004018920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b078c12ef7e14a712021-12-22 12:43:40.446root 11241100x80000000000000004018921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af5232ef7b391d42021-12-22 12:43:40.446root 11241100x80000000000000004018922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2a2c3eb14530052021-12-22 12:43:40.446root 11241100x80000000000000004018923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0ebcfa06f4c3542021-12-22 12:43:40.446root 11241100x80000000000000004018924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ee685a5ca0c1b42021-12-22 12:43:40.446root 11241100x80000000000000004018925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7337a8fd608312992021-12-22 12:43:40.446root 11241100x80000000000000004018926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f96a19857b458c52021-12-22 12:43:40.446root 11241100x80000000000000004018927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f78ff468ea742442021-12-22 12:43:40.447root 11241100x80000000000000004018928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c95276b390adc772021-12-22 12:43:40.447root 11241100x80000000000000004018929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334c7518aa5605212021-12-22 12:43:40.448root 11241100x80000000000000004018930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebe1cc9961e17462021-12-22 12:43:40.448root 11241100x80000000000000004018931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66a3032f5da1d5a2021-12-22 12:43:40.448root 11241100x80000000000000004018932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc767e8a99a51fb12021-12-22 12:43:40.449root 11241100x80000000000000004018933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b2a8db67a82c6f2021-12-22 12:43:40.450root 11241100x80000000000000004018934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4630d9155dafe8c42021-12-22 12:43:40.450root 11241100x80000000000000004018935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f457cf85c748e872021-12-22 12:43:40.450root 11241100x80000000000000004018936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca9ac41c851119d2021-12-22 12:43:40.450root 11241100x80000000000000004018937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3facd054f65d0f2021-12-22 12:43:40.450root 11241100x80000000000000004018938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9334d6467007f61e2021-12-22 12:43:40.450root 11241100x80000000000000004018939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9565adf72c1175732021-12-22 12:43:40.450root 11241100x80000000000000004018940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498ee0814adaca732021-12-22 12:43:40.450root 11241100x80000000000000004018941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3fa1162612ca072021-12-22 12:43:40.450root 11241100x80000000000000004018942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6070e27e137ee4fd2021-12-22 12:43:40.451root 11241100x80000000000000004018943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0049899dcd9ef5472021-12-22 12:43:40.451root 11241100x80000000000000004018944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa56ced8610526f42021-12-22 12:43:40.451root 11241100x80000000000000004018945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d8337996b718632021-12-22 12:43:40.452root 11241100x80000000000000004018946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d4976f9dc8b7102021-12-22 12:43:40.452root 11241100x80000000000000004018947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15a64f3fe2abc6c2021-12-22 12:43:40.452root 11241100x80000000000000004018948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c2bf162b4fe1d02021-12-22 12:43:40.452root 11241100x80000000000000004018949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd3a62f58bc33832021-12-22 12:43:40.943root 11241100x80000000000000004018950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a700e4fed16b6a2021-12-22 12:43:40.943root 11241100x80000000000000004018951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95b80c5c4c9f82a2021-12-22 12:43:40.943root 11241100x80000000000000004018952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a16f9da1d9e9d22021-12-22 12:43:40.943root 11241100x80000000000000004018953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a8ae7a8b25179e2021-12-22 12:43:40.943root 11241100x80000000000000004018954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae0a64f9cd2ea8f2021-12-22 12:43:40.943root 11241100x80000000000000004018955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb0c6fdaa6f217a2021-12-22 12:43:40.943root 11241100x80000000000000004018956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ae2d3d65f176862021-12-22 12:43:40.944root 11241100x80000000000000004018957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9bf7be5829f6222021-12-22 12:43:40.944root 11241100x80000000000000004018958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09940ed17b9d4f672021-12-22 12:43:40.944root 11241100x80000000000000004018959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5baf6e14c58d75832021-12-22 12:43:40.944root 11241100x80000000000000004018960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04aae396fcd9ba02021-12-22 12:43:40.944root 11241100x80000000000000004018961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8499a2b62078e9202021-12-22 12:43:40.944root 11241100x80000000000000004018962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c59a00d0db4fa342021-12-22 12:43:40.945root 11241100x80000000000000004018963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b96c050a0caabde2021-12-22 12:43:40.945root 11241100x80000000000000004018964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c7d9d8874ab9772021-12-22 12:43:40.945root 11241100x80000000000000004018965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483dcc5114a486d22021-12-22 12:43:40.945root 11241100x80000000000000004018966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee359363c86de98d2021-12-22 12:43:40.945root 11241100x80000000000000004018967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006e023f92d688be2021-12-22 12:43:40.945root 11241100x80000000000000004018968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944efdf128c27dbe2021-12-22 12:43:40.945root 11241100x80000000000000004018969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b743aebd65f4b7d42021-12-22 12:43:40.945root 11241100x80000000000000004018970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1360f8e6b776d5f2021-12-22 12:43:40.945root 11241100x80000000000000004018971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c08445506c62772021-12-22 12:43:40.946root 11241100x80000000000000004018972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0460ee6fb89fd9792021-12-22 12:43:40.946root 11241100x80000000000000004018973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e926833f51207b2021-12-22 12:43:40.946root 11241100x80000000000000004018974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980e6840a0f3c9b52021-12-22 12:43:40.946root 11241100x80000000000000004018975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dcd5c87a0b7cfc2021-12-22 12:43:40.946root 11241100x80000000000000004018976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8840dba20af6fa82021-12-22 12:43:40.946root 11241100x80000000000000004018977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12aea8354e9cc9d2021-12-22 12:43:40.946root 11241100x80000000000000004018978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463532b6647d07892021-12-22 12:43:40.946root 11241100x80000000000000004018979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e101973400a8291c2021-12-22 12:43:40.946root 11241100x80000000000000004018980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bd81edd9e369142021-12-22 12:43:40.946root 11241100x80000000000000004018981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2e22d338c770532021-12-22 12:43:40.947root 11241100x80000000000000004018982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6dd05ebf13cb972021-12-22 12:43:40.947root 11241100x80000000000000004018983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e40c19e1aee3a822021-12-22 12:43:40.947root 11241100x80000000000000004018984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4aad48664bb2e992021-12-22 12:43:40.947root 11241100x80000000000000004018985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3491911fe605d12021-12-22 12:43:40.947root 11241100x80000000000000004018986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39429150413932122021-12-22 12:43:40.947root 11241100x80000000000000004018987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4972764b1a35822021-12-22 12:43:40.947root 11241100x80000000000000004018988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21336ed54f5a833c2021-12-22 12:43:40.947root 11241100x80000000000000004018989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260c9685b88ca22c2021-12-22 12:43:40.948root 11241100x80000000000000004018990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a169a7709d6ed28d2021-12-22 12:43:40.948root 11241100x80000000000000004018991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1fa480b8691ebb2021-12-22 12:43:40.948root 11241100x80000000000000004018992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3d05488664c7352021-12-22 12:43:40.948root 11241100x80000000000000004018993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594f3aca332a10af2021-12-22 12:43:40.948root 11241100x80000000000000004018994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6b5b503e5b9d6e2021-12-22 12:43:40.948root 11241100x80000000000000004018995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453365c7c83fb2402021-12-22 12:43:40.948root 11241100x80000000000000004018996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a52985144c2bdb72021-12-22 12:43:40.948root 11241100x80000000000000004018997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ab550dc9d326c42021-12-22 12:43:40.949root 11241100x80000000000000004018998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e074c86af62dd3382021-12-22 12:43:40.949root 11241100x80000000000000004018999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931a969e518d5b552021-12-22 12:43:40.949root 11241100x80000000000000004019000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09fa68162cd4b7b2021-12-22 12:43:40.949root 11241100x80000000000000004019001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5eb6c258b5899ee2021-12-22 12:43:40.949root 11241100x80000000000000004019002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746c7c4dd7ae74b02021-12-22 12:43:40.949root 11241100x80000000000000004019003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd05abbb6e158592021-12-22 12:43:40.949root 11241100x80000000000000004019004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63eaf9e3a7b950342021-12-22 12:43:40.950root 11241100x80000000000000004019005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfead20693e9cd22021-12-22 12:43:40.950root 11241100x80000000000000004019006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d369f0673a7268e2021-12-22 12:43:40.950root 11241100x80000000000000004019007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:40.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9042bd57c60dab2021-12-22 12:43:40.950root 11241100x80000000000000004019008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1af86c9b9f345362021-12-22 12:43:41.443root 11241100x80000000000000004019009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd374290ad4629c2021-12-22 12:43:41.443root 11241100x80000000000000004019010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a330d6d18373d5b2021-12-22 12:43:41.444root 11241100x80000000000000004019011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56faa0c3f6e54f42021-12-22 12:43:41.444root 11241100x80000000000000004019012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6b3e062bdfbf1a2021-12-22 12:43:41.444root 11241100x80000000000000004019013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80be39b6158879532021-12-22 12:43:41.444root 11241100x80000000000000004019014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b433686ecb43822021-12-22 12:43:41.444root 11241100x80000000000000004019015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b3025b71d305622021-12-22 12:43:41.444root 11241100x80000000000000004019016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f8b0762ff5a11c2021-12-22 12:43:41.444root 11241100x80000000000000004019017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd33101e0c3386d2021-12-22 12:43:41.445root 11241100x80000000000000004019018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4884ce57e1dcea2021-12-22 12:43:41.445root 11241100x80000000000000004019019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2da7f44cd99d42e2021-12-22 12:43:41.445root 11241100x80000000000000004019020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3d32a56f263fb82021-12-22 12:43:41.445root 11241100x80000000000000004019021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4fb4383e91ee592021-12-22 12:43:41.445root 11241100x80000000000000004019022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c270f34d787cf3d62021-12-22 12:43:41.445root 11241100x80000000000000004019023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15033b80eafedaa2021-12-22 12:43:41.445root 11241100x80000000000000004019024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3825fca0a6029f02021-12-22 12:43:41.445root 11241100x80000000000000004019025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9ee76de34d74192021-12-22 12:43:41.445root 11241100x80000000000000004019026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d1552923c2af452021-12-22 12:43:41.445root 11241100x80000000000000004019027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ffff863bf0c94c2021-12-22 12:43:41.446root 11241100x80000000000000004019028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4369b8ac2921bda2021-12-22 12:43:41.446root 11241100x80000000000000004019029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92647c1921ed65392021-12-22 12:43:41.446root 11241100x80000000000000004019030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445e8e0c4244d6fc2021-12-22 12:43:41.446root 11241100x80000000000000004019031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b631d4a8c991d1b92021-12-22 12:43:41.447root 11241100x80000000000000004019032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609ffe111148ccde2021-12-22 12:43:41.447root 11241100x80000000000000004019033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f847bec36caff962021-12-22 12:43:41.447root 11241100x80000000000000004019034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8991bb5cc1867f492021-12-22 12:43:41.447root 11241100x80000000000000004019035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8812abf46d29eba02021-12-22 12:43:41.447root 11241100x80000000000000004019036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbd34686f03074a2021-12-22 12:43:41.447root 11241100x80000000000000004019037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41d324f5633b1132021-12-22 12:43:41.448root 11241100x80000000000000004019038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b187b80d0e572ca82021-12-22 12:43:41.448root 11241100x80000000000000004019039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0762dec7f254402021-12-22 12:43:41.448root 11241100x80000000000000004019040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a8c59107783fde2021-12-22 12:43:41.448root 11241100x80000000000000004019041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1faa6babf1970c2021-12-22 12:43:41.448root 11241100x80000000000000004019042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a495e195f94f0712021-12-22 12:43:41.448root 11241100x80000000000000004019043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b18948b6664be9d2021-12-22 12:43:41.448root 11241100x80000000000000004019044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09e12407394de602021-12-22 12:43:41.449root 11241100x80000000000000004019045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dc4b23ded9470d2021-12-22 12:43:41.449root 11241100x80000000000000004019046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d09122c6a246b232021-12-22 12:43:41.449root 11241100x80000000000000004019047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23526aab7809bcef2021-12-22 12:43:41.449root 11241100x80000000000000004019048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca89fea102a51032021-12-22 12:43:41.943root 11241100x80000000000000004019049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df595ab2afcbe0e82021-12-22 12:43:41.943root 11241100x80000000000000004019050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbd0ebcd976f60e2021-12-22 12:43:41.943root 11241100x80000000000000004019051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1eb5dacbe009de2021-12-22 12:43:41.943root 11241100x80000000000000004019052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbf7531e7dc6d0c2021-12-22 12:43:41.943root 354300x80000000000000004019091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:44.078{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56822-false10.0.1.12-8000- 11241100x80000000000000004019092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:44.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31929d048bc61f02021-12-22 12:43:44.442root 11241100x80000000000000004019093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:44.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb20faca170cbafe2021-12-22 12:43:44.942root 11241100x80000000000000004019094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:45.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec8bc824db484ab2021-12-22 12:43:45.442root 11241100x80000000000000004019095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:45.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6fa78749881fc72021-12-22 12:43:45.942root 11241100x80000000000000004019096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:46.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb077dc66c4464f72021-12-22 12:43:46.442root 11241100x80000000000000004019097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:46.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab22311e2ed2c87b2021-12-22 12:43:46.942root 11241100x80000000000000004019098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:47.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ded34fc495da7cb2021-12-22 12:43:47.442root 11241100x80000000000000004019099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:47.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46d58229122e0db2021-12-22 12:43:47.942root 11241100x80000000000000004019100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:48.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92fd5a4cdece81a2021-12-22 12:43:48.442root 11241100x80000000000000004019101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:48.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37aea5af5296d8c32021-12-22 12:43:48.942root 354300x80000000000000004019102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:49.156{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56824-false10.0.1.12-8000- 11241100x80000000000000004019103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:49.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27250425e2a3d2a2021-12-22 12:43:49.442root 11241100x80000000000000004019104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:49.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3efbee03f53c4a2021-12-22 12:43:49.442root 11241100x80000000000000004019105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:49.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b7661476dd89572021-12-22 12:43:49.942root 11241100x80000000000000004019106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e789283569c2c5e2021-12-22 12:43:49.943root 11241100x80000000000000004019107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:50.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007802e4610878dc2021-12-22 12:43:50.442root 11241100x80000000000000004019108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d0ea9c81abe1712021-12-22 12:43:50.443root 11241100x80000000000000004019109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:50.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a62ab3ec14059e2021-12-22 12:43:50.942root 11241100x80000000000000004019110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80eab96a7707cd812021-12-22 12:43:50.943root 11241100x80000000000000004019111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:51.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0dae9be8ba53482021-12-22 12:43:51.442root 11241100x80000000000000004019112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:51.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada3966f22d75c132021-12-22 12:43:51.442root 11241100x80000000000000004019113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:51.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcdbed6ac8bdaea2021-12-22 12:43:51.942root 11241100x80000000000000004019114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:51.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371f2d2b1ea9ebcd2021-12-22 12:43:51.942root 11241100x80000000000000004019115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:52.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412f7ef88587ca2d2021-12-22 12:43:52.442root 11241100x80000000000000004019116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dbd87f49bf1be82021-12-22 12:43:52.443root 11241100x80000000000000004019117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:52.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469bf94174870ab82021-12-22 12:43:52.942root 11241100x80000000000000004019118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:52.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f74e4861765fc82021-12-22 12:43:52.942root 11241100x80000000000000004019119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:53.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4c6561252bd2ce2021-12-22 12:43:53.442root 11241100x80000000000000004019120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f85fb95ef0c88e12021-12-22 12:43:53.443root 11241100x80000000000000004019121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:53.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63eeb394c6958b482021-12-22 12:43:53.942root 11241100x80000000000000004019122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:53.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39290e7ad2d7f13a2021-12-22 12:43:53.942root 11241100x80000000000000004019123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:54.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f8751462dbbcd72021-12-22 12:43:54.442root 11241100x80000000000000004019124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f166a2ce6e38e8ef2021-12-22 12:43:54.443root 11241100x80000000000000004019125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:54.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5d94670b8dd4922021-12-22 12:43:54.942root 11241100x80000000000000004019126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:54.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b095b013e7724f62021-12-22 12:43:54.942root 354300x80000000000000004019127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:55.096{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56826-false10.0.1.12-8000- 11241100x80000000000000004019128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:55.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7579e87daee385b22021-12-22 12:43:55.442root 11241100x80000000000000004019129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb0dda2413741e12021-12-22 12:43:55.443root 11241100x80000000000000004019130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd7fbc07ecd78a02021-12-22 12:43:55.443root 11241100x80000000000000004019131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:55.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e174c0783bc9e82021-12-22 12:43:55.942root 11241100x80000000000000004019132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2472c68530773c702021-12-22 12:43:55.943root 11241100x80000000000000004019133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4798f4997b335e082021-12-22 12:43:55.943root 11241100x80000000000000004019134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a4f9cf0ea4a7452021-12-22 12:43:56.443root 11241100x80000000000000004019135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d76ccae07e0c362021-12-22 12:43:56.443root 11241100x80000000000000004019136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d63455b1645c2c22021-12-22 12:43:56.443root 11241100x80000000000000004019137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:56.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368fced0040673ee2021-12-22 12:43:56.942root 11241100x80000000000000004019138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7723376127c5cb62021-12-22 12:43:56.943root 11241100x80000000000000004019139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038aba4242ee366b2021-12-22 12:43:56.943root 11241100x80000000000000004019140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:57.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6378c2cc156564942021-12-22 12:43:57.442root 11241100x80000000000000004019141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a06624644270cde2021-12-22 12:43:57.443root 11241100x80000000000000004019142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f526d8cd3b81ba552021-12-22 12:43:57.443root 11241100x80000000000000004019143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:57.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37d118bf174dacb2021-12-22 12:43:57.942root 11241100x80000000000000004019144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6349ed3680d611f12021-12-22 12:43:57.943root 11241100x80000000000000004019145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f7a6e2d3cfd6602021-12-22 12:43:57.943root 11241100x80000000000000004019146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:58.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c631f1097af3a2f2021-12-22 12:43:58.442root 11241100x80000000000000004019147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8174042133fbdb952021-12-22 12:43:58.443root 11241100x80000000000000004019148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d14712baba88eea2021-12-22 12:43:58.443root 11241100x80000000000000004019149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:58.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a869fa7190a4b0fc2021-12-22 12:43:58.942root 11241100x80000000000000004019150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06fb0a0a6653b41c2021-12-22 12:43:58.943root 11241100x80000000000000004019151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b9d99f214e96092021-12-22 12:43:58.943root 11241100x80000000000000004019152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:59.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f0a75eb72976532021-12-22 12:43:59.442root 11241100x80000000000000004019153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5926292090dbae62021-12-22 12:43:59.443root 11241100x80000000000000004019154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc0fbe8d97fe0e42021-12-22 12:43:59.443root 11241100x80000000000000004019155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:59.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd9a05e018c00e82021-12-22 12:43:59.942root 11241100x80000000000000004019156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae48f91c7bd076c2021-12-22 12:43:59.943root 11241100x80000000000000004019157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:43:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138a8c6df1de63272021-12-22 12:43:59.943root 354300x80000000000000004019158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:00.188{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56828-false10.0.1.12-8000- 11241100x80000000000000004019159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:00.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d99ce141b84f352021-12-22 12:44:00.442root 11241100x80000000000000004019160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd5392839970a2c2021-12-22 12:44:00.443root 11241100x80000000000000004019161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cf99277dd2e70d2021-12-22 12:44:00.443root 11241100x80000000000000004019162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d6f6e5512a06ab2021-12-22 12:44:00.443root 11241100x80000000000000004019163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:00.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0b6fc164b028402021-12-22 12:44:00.942root 11241100x80000000000000004019164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f528754c28e20f72021-12-22 12:44:00.943root 11241100x80000000000000004019165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429d4faea40a14af2021-12-22 12:44:00.943root 11241100x80000000000000004019166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786666fc05d18eac2021-12-22 12:44:00.943root 11241100x80000000000000004019167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:01.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975fdcbc8e30c9ee2021-12-22 12:44:01.442root 11241100x80000000000000004019168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccd283362b6beca2021-12-22 12:44:01.443root 11241100x80000000000000004019169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f768bad66edcf75b2021-12-22 12:44:01.443root 11241100x80000000000000004019170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a040295ccee4abc2021-12-22 12:44:01.443root 11241100x80000000000000004019171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:01.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fe3e5f44218c232021-12-22 12:44:01.942root 11241100x80000000000000004019172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc491bd7ec8f2032021-12-22 12:44:01.943root 11241100x80000000000000004019173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efa66729e1a17262021-12-22 12:44:01.943root 11241100x80000000000000004019174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752677ac00a4f3c12021-12-22 12:44:01.943root 11241100x80000000000000004019175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:02.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702b608f635205052021-12-22 12:44:02.442root 11241100x80000000000000004019176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21e6be65efe17012021-12-22 12:44:02.443root 11241100x80000000000000004019177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c773e25be345652021-12-22 12:44:02.443root 11241100x80000000000000004019178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935cc4961078e2182021-12-22 12:44:02.443root 11241100x80000000000000004019179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:02.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6324d715cca34b222021-12-22 12:44:02.942root 11241100x80000000000000004019180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759b03eea8838b642021-12-22 12:44:02.943root 11241100x80000000000000004019181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244562418045b63e2021-12-22 12:44:02.943root 11241100x80000000000000004019182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ca8b0dc97b32662021-12-22 12:44:02.943root 11241100x80000000000000004019183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.124{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 12:44:03.124root 11241100x80000000000000004019184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b14ebd05057956b2021-12-22 12:44:03.443root 11241100x80000000000000004019185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67b14183498937e2021-12-22 12:44:03.443root 11241100x80000000000000004019186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e9e836d7ec4fcd2021-12-22 12:44:03.443root 11241100x80000000000000004019187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fec23fed56b339b2021-12-22 12:44:03.443root 11241100x80000000000000004019188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35bd469695094b82021-12-22 12:44:03.443root 11241100x80000000000000004019189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b19b0a7be043cc2021-12-22 12:44:03.943root 11241100x80000000000000004019190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f00c400d24dcb732021-12-22 12:44:03.943root 11241100x80000000000000004019191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f6afec9d9caf9b2021-12-22 12:44:03.943root 11241100x80000000000000004019192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca29f725790fec52021-12-22 12:44:03.943root 11241100x80000000000000004019193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8ef056f0c275b22021-12-22 12:44:03.943root 11241100x80000000000000004019194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5520c376567e542021-12-22 12:44:04.443root 11241100x80000000000000004019195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023b43b9eab82f5f2021-12-22 12:44:04.443root 11241100x80000000000000004019196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb64f3673a22cf92021-12-22 12:44:04.443root 11241100x80000000000000004019197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e350f6687fbcef2021-12-22 12:44:04.443root 11241100x80000000000000004019198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6077a565bb829f2021-12-22 12:44:04.443root 11241100x80000000000000004019199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:04.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e509d89c37a9eead2021-12-22 12:44:04.942root 11241100x80000000000000004019200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82be05891b1062c02021-12-22 12:44:04.943root 11241100x80000000000000004019201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1578c320673c732021-12-22 12:44:04.943root 11241100x80000000000000004019202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983991bb8595a9e42021-12-22 12:44:04.943root 11241100x80000000000000004019203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b91fd564e77ac212021-12-22 12:44:04.943root 11241100x80000000000000004019204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b467b839e8b588d52021-12-22 12:44:05.444root 11241100x80000000000000004019205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67dc6d8318b7e0342021-12-22 12:44:05.444root 11241100x80000000000000004019206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf99f9cdd6b094a2021-12-22 12:44:05.444root 11241100x80000000000000004019207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83f6b9f17d817932021-12-22 12:44:05.444root 11241100x80000000000000004019208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4964167fd25699de2021-12-22 12:44:05.444root 11241100x80000000000000004019209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfaaf754316f6b52021-12-22 12:44:05.943root 11241100x80000000000000004019210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc82cbb8ea500e52021-12-22 12:44:05.943root 11241100x80000000000000004019211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b8dd17b7c6c2dd2021-12-22 12:44:05.943root 11241100x80000000000000004019212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d29305c496cd4332021-12-22 12:44:05.943root 11241100x80000000000000004019213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bff390ec53bf60c2021-12-22 12:44:05.943root 354300x80000000000000004019214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.065{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56830-false10.0.1.12-8000- 23542300x80000000000000004019215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.126{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004019216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf1621b5f44d8e82021-12-22 12:44:06.443root 11241100x80000000000000004019217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632d1c8893f12ac92021-12-22 12:44:06.443root 11241100x80000000000000004019218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96c05bad6510a142021-12-22 12:44:06.443root 11241100x80000000000000004019219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0184818ab4168a4d2021-12-22 12:44:06.443root 11241100x80000000000000004019220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a046af05db6ee482021-12-22 12:44:06.443root 11241100x80000000000000004019221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abf02214ea6bb252021-12-22 12:44:06.444root 11241100x80000000000000004019222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2993df40d4677c7d2021-12-22 12:44:06.444root 11241100x80000000000000004019223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab35861cc4b2b91d2021-12-22 12:44:06.943root 11241100x80000000000000004019224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f819c9d4a8f58272021-12-22 12:44:06.943root 11241100x80000000000000004019225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546482de287541532021-12-22 12:44:06.943root 11241100x80000000000000004019226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091f0491936fb8942021-12-22 12:44:06.943root 11241100x80000000000000004019227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16211d067fc4ab1a2021-12-22 12:44:06.943root 11241100x80000000000000004019228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d156d8b0f75606912021-12-22 12:44:06.943root 11241100x80000000000000004019229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0526a923b2779e482021-12-22 12:44:06.944root 11241100x80000000000000004019230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ed540e506410232021-12-22 12:44:07.443root 11241100x80000000000000004019231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ed9f2dd60564162021-12-22 12:44:07.443root 11241100x80000000000000004019232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dadd24845eddd8d2021-12-22 12:44:07.443root 11241100x80000000000000004019233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca67e9073f36dd7b2021-12-22 12:44:07.443root 11241100x80000000000000004019234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19e4ebad2acba012021-12-22 12:44:07.443root 11241100x80000000000000004019235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947e1254d43249862021-12-22 12:44:07.443root 11241100x80000000000000004019236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2967882a90a39032021-12-22 12:44:07.443root 11241100x80000000000000004019237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63bfe2c32c1f4d42021-12-22 12:44:07.943root 11241100x80000000000000004019238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3f756a0f6b2fbf2021-12-22 12:44:07.943root 11241100x80000000000000004019239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e849bb9ccc3538672021-12-22 12:44:07.943root 11241100x80000000000000004019240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53b8220f8d66e862021-12-22 12:44:07.943root 11241100x80000000000000004019241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b361dc1350b2b542021-12-22 12:44:07.943root 11241100x80000000000000004019242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c72929bec9b5712021-12-22 12:44:07.943root 11241100x80000000000000004019243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc538fe913495dbe2021-12-22 12:44:07.944root 11241100x80000000000000004019244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c08b2deef1d1a5d2021-12-22 12:44:08.443root 11241100x80000000000000004019245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092a70201a55edb52021-12-22 12:44:08.443root 11241100x80000000000000004019246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06a6efc57bb23072021-12-22 12:44:08.443root 11241100x80000000000000004019247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621640c8699d0c9d2021-12-22 12:44:08.443root 11241100x80000000000000004019248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb7b5131f0864b52021-12-22 12:44:08.443root 11241100x80000000000000004019249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef8437b21681ad12021-12-22 12:44:08.443root 11241100x80000000000000004019250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30e19e9343683992021-12-22 12:44:08.443root 11241100x80000000000000004019251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ee54aa4b4159212021-12-22 12:44:08.943root 11241100x80000000000000004019252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841be5d7c7577cef2021-12-22 12:44:08.943root 11241100x80000000000000004019253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8da4d5aa3b6fc882021-12-22 12:44:08.943root 11241100x80000000000000004019254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77cb05f324d5cd52021-12-22 12:44:08.943root 11241100x80000000000000004019255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a2bb6b23afd1052021-12-22 12:44:08.943root 11241100x80000000000000004019256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5241b32f0acc5b902021-12-22 12:44:08.943root 11241100x80000000000000004019257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d4b286f4de7ada2021-12-22 12:44:08.944root 11241100x80000000000000004019258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060b33b0ee2e066d2021-12-22 12:44:09.443root 11241100x80000000000000004019259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55dc82c37f7c5ef2021-12-22 12:44:09.443root 11241100x80000000000000004019260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fab4f2a7ade5d832021-12-22 12:44:09.443root 11241100x80000000000000004019261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e173cbdd12be60b2021-12-22 12:44:09.443root 11241100x80000000000000004019262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24e42f48d3016c62021-12-22 12:44:09.443root 11241100x80000000000000004019263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d04d41ebef44612021-12-22 12:44:09.443root 11241100x80000000000000004019264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba6581afbee99552021-12-22 12:44:09.443root 11241100x80000000000000004019265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789d8fe263f84bc42021-12-22 12:44:09.943root 11241100x80000000000000004019266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e4493042b831dd2021-12-22 12:44:09.943root 11241100x80000000000000004019267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45b534ee75c09b02021-12-22 12:44:09.943root 11241100x80000000000000004019268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7c2069fba4ea242021-12-22 12:44:09.943root 11241100x80000000000000004019269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2cd8767858b3262021-12-22 12:44:09.943root 11241100x80000000000000004019270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcd846c3df915d72021-12-22 12:44:09.943root 11241100x80000000000000004019271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4d32d6e8cdda722021-12-22 12:44:09.943root 11241100x80000000000000004019272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b10d18849a971ff2021-12-22 12:44:10.443root 11241100x80000000000000004019273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53b5b2189b60d0b2021-12-22 12:44:10.443root 11241100x80000000000000004019274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9574b83bdd517d7f2021-12-22 12:44:10.443root 11241100x80000000000000004019275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d982e0896af0733d2021-12-22 12:44:10.443root 11241100x80000000000000004019276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6006ade1b192e6412021-12-22 12:44:10.443root 11241100x80000000000000004019277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd8920f172992502021-12-22 12:44:10.443root 11241100x80000000000000004019278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cdb56d62b6bfab2021-12-22 12:44:10.443root 11241100x80000000000000004019279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279570b8a4f8f6a02021-12-22 12:44:10.943root 11241100x80000000000000004019280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1754c7eab874e6742021-12-22 12:44:10.943root 11241100x80000000000000004019281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb0b248935676092021-12-22 12:44:10.943root 11241100x80000000000000004019282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e5ec7f80932d762021-12-22 12:44:10.943root 11241100x80000000000000004019283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b3a95903acf3a72021-12-22 12:44:10.943root 11241100x80000000000000004019284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd39b975b6a08ce2021-12-22 12:44:10.943root 11241100x80000000000000004019285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa035af3df4ac1d2021-12-22 12:44:10.943root 11241100x80000000000000004019286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57681c3c6a65fcb12021-12-22 12:44:11.443root 11241100x80000000000000004019287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b232037b58bb3e22021-12-22 12:44:11.443root 11241100x80000000000000004019288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d121f731fb26bc9f2021-12-22 12:44:11.443root 11241100x80000000000000004019289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33be09c1d435eed52021-12-22 12:44:11.443root 11241100x80000000000000004019290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35cb30b0ed776c22021-12-22 12:44:11.443root 11241100x80000000000000004019291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2404060539f4ff1a2021-12-22 12:44:11.443root 11241100x80000000000000004019292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190b8c0ddd649e062021-12-22 12:44:11.443root 11241100x80000000000000004019293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1833d5b5030da1bf2021-12-22 12:44:11.943root 11241100x80000000000000004019294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a013550fcc6baec12021-12-22 12:44:11.943root 11241100x80000000000000004019295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35038fb60bd5a9322021-12-22 12:44:11.943root 11241100x80000000000000004019296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed659dbfeb429be82021-12-22 12:44:11.943root 11241100x80000000000000004019297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4faa643b08eb4ad2021-12-22 12:44:11.943root 11241100x80000000000000004019298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe95f490ea545c4f2021-12-22 12:44:11.943root 11241100x80000000000000004019299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260e0e9974641ada2021-12-22 12:44:11.943root 354300x80000000000000004019300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.033{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56832-false10.0.1.12-8000- 11241100x80000000000000004019301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cd22c277335c742021-12-22 12:44:12.443root 11241100x80000000000000004019302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8f6b271ecdca1b2021-12-22 12:44:12.443root 11241100x80000000000000004019303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6839ee2a2021bd762021-12-22 12:44:12.443root 11241100x80000000000000004019304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18454f81132dc9302021-12-22 12:44:12.443root 11241100x80000000000000004019305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d819f662b7967e2021-12-22 12:44:12.443root 11241100x80000000000000004019306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa134d50b718141f2021-12-22 12:44:12.443root 11241100x80000000000000004019307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7d531fd2e457132021-12-22 12:44:12.443root 11241100x80000000000000004019308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198ec7a7d80f6bb72021-12-22 12:44:12.443root 11241100x80000000000000004019309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fa468d4cd237bb2021-12-22 12:44:12.943root 11241100x80000000000000004019310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9a89c55b34127e2021-12-22 12:44:12.943root 11241100x80000000000000004019311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff752c92a06a7432021-12-22 12:44:12.943root 11241100x80000000000000004019312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcd7f7aac086bf42021-12-22 12:44:12.943root 11241100x80000000000000004019313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ac547b1793d97f2021-12-22 12:44:12.943root 11241100x80000000000000004019314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76fd68c1c73f22f2021-12-22 12:44:12.943root 11241100x80000000000000004019315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2334b198ace8f342021-12-22 12:44:12.943root 11241100x80000000000000004019316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8967a1c50c19d712021-12-22 12:44:12.943root 11241100x80000000000000004019317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d030a83f8ae54f8a2021-12-22 12:44:13.443root 11241100x80000000000000004019318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4fc7fb9dc0d5f02021-12-22 12:44:13.443root 11241100x80000000000000004019319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a189c525f73e302021-12-22 12:44:13.443root 11241100x80000000000000004019320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850826fefe0420bc2021-12-22 12:44:13.443root 11241100x80000000000000004019321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bf3a3232f821432021-12-22 12:44:13.443root 11241100x80000000000000004019322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c96eba01dc44b12021-12-22 12:44:13.443root 11241100x80000000000000004019323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b282f79550b9e0202021-12-22 12:44:13.443root 11241100x80000000000000004019324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8697b7963071188e2021-12-22 12:44:13.443root 11241100x80000000000000004019325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987eac0fb3cae1202021-12-22 12:44:13.943root 11241100x80000000000000004019326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b88cac2387af7a2021-12-22 12:44:13.943root 11241100x80000000000000004019327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a88c7094f556c22021-12-22 12:44:13.943root 11241100x80000000000000004019328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c6675445a38b882021-12-22 12:44:13.943root 11241100x80000000000000004019329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573e36e631ed08d22021-12-22 12:44:13.943root 11241100x80000000000000004019330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a5a183f44b94d32021-12-22 12:44:13.943root 11241100x80000000000000004019331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bb8455c6383e302021-12-22 12:44:13.943root 11241100x80000000000000004019332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf696e74dfecc002021-12-22 12:44:13.944root 11241100x80000000000000004019333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215889bab086feda2021-12-22 12:44:14.443root 11241100x80000000000000004019334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84647dcee9102772021-12-22 12:44:14.443root 11241100x80000000000000004019335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4597a8d88366572021-12-22 12:44:14.443root 11241100x80000000000000004019336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7159e1cf4371bd2021-12-22 12:44:14.443root 11241100x80000000000000004019337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b1829567ba5d792021-12-22 12:44:14.443root 11241100x80000000000000004019338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fcf9272e42d9f92021-12-22 12:44:14.443root 11241100x80000000000000004019339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e128c69e8489f9f82021-12-22 12:44:14.443root 11241100x80000000000000004019340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c8867704e2b27a2021-12-22 12:44:14.443root 11241100x80000000000000004019341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56bdd6d01513fec2021-12-22 12:44:14.943root 11241100x80000000000000004019342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138062922f1a46ab2021-12-22 12:44:14.943root 11241100x80000000000000004019343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c41d618662f36062021-12-22 12:44:14.943root 11241100x80000000000000004019344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9a40afc8ba17912021-12-22 12:44:14.943root 11241100x80000000000000004019345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd1f2c4d440a4d02021-12-22 12:44:14.943root 11241100x80000000000000004019346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72818cfb380de0f62021-12-22 12:44:14.943root 11241100x80000000000000004019347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e4ffdee3b699e22021-12-22 12:44:14.943root 11241100x80000000000000004019348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db140a55d8ed21ce2021-12-22 12:44:14.943root 11241100x80000000000000004019349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dda67c5ecb64da02021-12-22 12:44:15.443root 11241100x80000000000000004019350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05d9373198307bd2021-12-22 12:44:15.443root 11241100x80000000000000004019351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb69e82badff8102021-12-22 12:44:15.443root 11241100x80000000000000004019352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04c713dc09057d82021-12-22 12:44:15.443root 11241100x80000000000000004019353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0eb501bdc0e1d052021-12-22 12:44:15.443root 11241100x80000000000000004019354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe09821543202642021-12-22 12:44:15.444root 11241100x80000000000000004019355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c12e522c46ee7ea2021-12-22 12:44:15.444root 11241100x80000000000000004019356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c81b1a9ea9a18b72021-12-22 12:44:15.444root 11241100x80000000000000004019357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d13bbd76b0eb7d2021-12-22 12:44:15.943root 11241100x80000000000000004019358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7517ada9555a90682021-12-22 12:44:15.943root 11241100x80000000000000004019359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3685c7f4106fb0ae2021-12-22 12:44:15.943root 11241100x80000000000000004019360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40712361214832c72021-12-22 12:44:15.943root 11241100x80000000000000004019361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8ed102f4afc7612021-12-22 12:44:15.943root 11241100x80000000000000004019362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd3d7956894bcec2021-12-22 12:44:15.944root 11241100x80000000000000004019363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdbeee42d66f26b2021-12-22 12:44:15.944root 11241100x80000000000000004019364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb340ecdd1a284b22021-12-22 12:44:15.944root 11241100x80000000000000004019365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f889012a6bf02e62021-12-22 12:44:16.443root 11241100x80000000000000004019366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d4ef1a8845de822021-12-22 12:44:16.443root 11241100x80000000000000004019367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f1e7d4d6fd882f2021-12-22 12:44:16.443root 11241100x80000000000000004019368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fc06fc0611e3602021-12-22 12:44:16.443root 11241100x80000000000000004019369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bd08b90fa918c02021-12-22 12:44:16.443root 11241100x80000000000000004019370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23415247d0db4a9e2021-12-22 12:44:16.443root 11241100x80000000000000004019371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3b7ac6a34695ea2021-12-22 12:44:16.444root 11241100x80000000000000004019372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d717d44f0c7e2362021-12-22 12:44:16.444root 11241100x80000000000000004019373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7748284010dc3fc2021-12-22 12:44:16.943root 11241100x80000000000000004019374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae616cfd6eec4c2f2021-12-22 12:44:16.943root 11241100x80000000000000004019375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520fa2e56c8d90c42021-12-22 12:44:16.943root 11241100x80000000000000004019376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea11da135b6dda32021-12-22 12:44:16.943root 11241100x80000000000000004019377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98517d5ad01261362021-12-22 12:44:16.943root 11241100x80000000000000004019378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c889bb322bc5382021-12-22 12:44:16.943root 11241100x80000000000000004019379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c80c0e1801e34502021-12-22 12:44:16.943root 11241100x80000000000000004019380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409aeae9127536852021-12-22 12:44:16.944root 354300x80000000000000004019381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.206{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56834-false10.0.1.12-8000- 11241100x80000000000000004019382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6343860f62261c7b2021-12-22 12:44:17.206root 11241100x80000000000000004019383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d184b46e08ca61242021-12-22 12:44:17.206root 11241100x80000000000000004019384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8d17eebb0c34e02021-12-22 12:44:17.207root 11241100x80000000000000004019385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0290836ab8d5c62e2021-12-22 12:44:17.207root 11241100x80000000000000004019386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2f1c01745d6c872021-12-22 12:44:17.207root 11241100x80000000000000004019387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7d7ce0b23484f62021-12-22 12:44:17.207root 11241100x80000000000000004019388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a740ce5872e4512021-12-22 12:44:17.207root 11241100x80000000000000004019389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fa7bd156aa9b9d2021-12-22 12:44:17.207root 11241100x80000000000000004019390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c151b83a6173da092021-12-22 12:44:17.207root 11241100x80000000000000004019391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250bdf5d95fcdafb2021-12-22 12:44:17.693root 11241100x80000000000000004019392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e48030ebceb47ff2021-12-22 12:44:17.693root 11241100x80000000000000004019393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ffa920bdb5cbba2021-12-22 12:44:17.693root 11241100x80000000000000004019394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87911bf99307b1b2021-12-22 12:44:17.694root 11241100x80000000000000004019395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e0e30a8848743d2021-12-22 12:44:17.694root 11241100x80000000000000004019396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aeb3db8af8aae9f2021-12-22 12:44:17.694root 11241100x80000000000000004019397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bad31a098a164052021-12-22 12:44:17.694root 11241100x80000000000000004019398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b608495d35ed012021-12-22 12:44:17.694root 11241100x80000000000000004019399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae116af5df758c92021-12-22 12:44:17.695root 11241100x80000000000000004019400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74323e6ea47923492021-12-22 12:44:18.193root 11241100x80000000000000004019401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411e6987e84b50d22021-12-22 12:44:18.194root 11241100x80000000000000004019402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54611069ff1056d82021-12-22 12:44:18.194root 11241100x80000000000000004019403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c46a833ba1c3e0f2021-12-22 12:44:18.194root 11241100x80000000000000004019404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e4c849c4deeaf02021-12-22 12:44:18.194root 11241100x80000000000000004019405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6c73ff45d225902021-12-22 12:44:18.194root 11241100x80000000000000004019406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf752a3a69fdaf22021-12-22 12:44:18.194root 11241100x80000000000000004019407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a251976833dc94b42021-12-22 12:44:18.194root 11241100x80000000000000004019408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d515023a7a75c5532021-12-22 12:44:18.194root 11241100x80000000000000004019409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431e472a38f5dd4f2021-12-22 12:44:18.693root 11241100x80000000000000004019410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7803c439645fc9f32021-12-22 12:44:18.693root 11241100x80000000000000004019411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab911c35641c7982021-12-22 12:44:18.693root 11241100x80000000000000004019412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc0b94f98ac939d2021-12-22 12:44:18.693root 11241100x80000000000000004019413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76655ef8b8455ba2021-12-22 12:44:18.693root 11241100x80000000000000004019414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b551c4d15712b62021-12-22 12:44:18.693root 11241100x80000000000000004019415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26bb95d6f44f9d22021-12-22 12:44:18.693root 11241100x80000000000000004019416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762b6dbcb05d858a2021-12-22 12:44:18.693root 11241100x80000000000000004019417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cf76e5c5d93f3b2021-12-22 12:44:18.693root 11241100x80000000000000004019418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15f60ce777271e82021-12-22 12:44:19.193root 11241100x80000000000000004019419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f70649156cd522c2021-12-22 12:44:19.193root 11241100x80000000000000004019420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705dd1579fc902d22021-12-22 12:44:19.193root 11241100x80000000000000004019421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c459bc95ab39c5e12021-12-22 12:44:19.193root 11241100x80000000000000004019422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4305136cae793c2021-12-22 12:44:19.193root 11241100x80000000000000004019423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2407ec073928ba942021-12-22 12:44:19.193root 11241100x80000000000000004019424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213ef40106a580f22021-12-22 12:44:19.193root 11241100x80000000000000004019425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fea4ec42689b7c2021-12-22 12:44:19.193root 11241100x80000000000000004019426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292878a8c0f0abdf2021-12-22 12:44:19.193root 11241100x80000000000000004019427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9baf9d492188fd2021-12-22 12:44:19.693root 11241100x80000000000000004019428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e3d576ad465ae02021-12-22 12:44:19.693root 11241100x80000000000000004019429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4023a30703c0532021-12-22 12:44:19.693root 11241100x80000000000000004019430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00dc494a97a21062021-12-22 12:44:19.693root 11241100x80000000000000004019431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d5d4d88d0da0072021-12-22 12:44:19.693root 11241100x80000000000000004019432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce76158275daef292021-12-22 12:44:19.693root 11241100x80000000000000004019433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a04e9736328f1212021-12-22 12:44:19.693root 11241100x80000000000000004019434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c214748a0a1f902021-12-22 12:44:19.693root 11241100x80000000000000004019435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4425157eb558fc382021-12-22 12:44:19.694root 11241100x80000000000000004019436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c9f7aaedf2f9c92021-12-22 12:44:20.193root 11241100x80000000000000004019437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991771971c929a532021-12-22 12:44:20.193root 11241100x80000000000000004019438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c7c80218f90cbb2021-12-22 12:44:20.193root 11241100x80000000000000004019439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5777a32eece2652021-12-22 12:44:20.193root 11241100x80000000000000004019440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b748fab938d9062021-12-22 12:44:20.193root 11241100x80000000000000004019441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0972937ec8e5902021-12-22 12:44:20.193root 11241100x80000000000000004019442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ece5e3a7c3c84a2021-12-22 12:44:20.193root 11241100x80000000000000004019443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009ddcb996d748462021-12-22 12:44:20.193root 11241100x80000000000000004019444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fa2fe905c47c2d2021-12-22 12:44:20.194root 11241100x80000000000000004019445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a11811c060d76e2021-12-22 12:44:20.693root 11241100x80000000000000004019446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7fa35372c8cea42021-12-22 12:44:20.693root 11241100x80000000000000004019447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a52d61bb2a1c4e12021-12-22 12:44:20.693root 11241100x80000000000000004019448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e959dfe68aefd4442021-12-22 12:44:20.693root 11241100x80000000000000004019449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a35f3e51cd76d42021-12-22 12:44:20.693root 11241100x80000000000000004019450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408e6f8eb14956a32021-12-22 12:44:20.693root 11241100x80000000000000004019451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc26caa850e8ccb2021-12-22 12:44:20.693root 11241100x80000000000000004019452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7e4928ecbfd3df2021-12-22 12:44:20.693root 11241100x80000000000000004019453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc675ef9f2c969b72021-12-22 12:44:20.693root 11241100x80000000000000004019454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93f25d2597efc0c2021-12-22 12:44:21.193root 11241100x80000000000000004019455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe0478f311f684e2021-12-22 12:44:21.193root 11241100x80000000000000004019456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca5900533487d1e2021-12-22 12:44:21.193root 11241100x80000000000000004019457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e599887b0f1f152021-12-22 12:44:21.193root 11241100x80000000000000004019458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c895bf13d967e03d2021-12-22 12:44:21.193root 11241100x80000000000000004019459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78eb453ffbbfd152021-12-22 12:44:21.193root 11241100x80000000000000004019460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fc12f33901bb4e2021-12-22 12:44:21.193root 11241100x80000000000000004019461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c82fe2723f20602021-12-22 12:44:21.193root 11241100x80000000000000004019462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71cfaa91a5177852021-12-22 12:44:21.193root 11241100x80000000000000004019463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a968c9ea6a49452021-12-22 12:44:21.693root 11241100x80000000000000004019464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87253b133b4b0dc42021-12-22 12:44:21.693root 11241100x80000000000000004019465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89db1b1e70f6fbd62021-12-22 12:44:21.693root 11241100x80000000000000004019466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356bc3f026df79b12021-12-22 12:44:21.693root 11241100x80000000000000004019467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851b4507a7e78d522021-12-22 12:44:21.693root 11241100x80000000000000004019468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bae2849ce417f172021-12-22 12:44:21.693root 11241100x80000000000000004019469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3b5908dbe9fe832021-12-22 12:44:21.693root 11241100x80000000000000004019470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af60b5f3d422e3eb2021-12-22 12:44:21.694root 11241100x80000000000000004019471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f6a3f6b3b122522021-12-22 12:44:21.694root 11241100x80000000000000004019472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507d0cd25883f0d72021-12-22 12:44:22.193root 11241100x80000000000000004019473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd431772fde3b3512021-12-22 12:44:22.193root 11241100x80000000000000004019474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b7b81d08d6fc982021-12-22 12:44:22.193root 11241100x80000000000000004019475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed06e1db95fad182021-12-22 12:44:22.193root 11241100x80000000000000004019476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19317570b49fadf82021-12-22 12:44:22.193root 11241100x80000000000000004019477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e988d9776ff3de2021-12-22 12:44:22.193root 11241100x80000000000000004019478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b965321816250cb2021-12-22 12:44:22.193root 11241100x80000000000000004019479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c620bbfebabaec2b2021-12-22 12:44:22.193root 11241100x80000000000000004019480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba08bf9d687479432021-12-22 12:44:22.193root 11241100x80000000000000004019481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2128711cc26d7d9a2021-12-22 12:44:22.693root 11241100x80000000000000004019482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6865fc754b8bfefa2021-12-22 12:44:22.693root 11241100x80000000000000004019483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa3b18e994b26de2021-12-22 12:44:22.693root 11241100x80000000000000004019484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb05d118b5a6eea2021-12-22 12:44:22.693root 11241100x80000000000000004019485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe72cb88424ee16e2021-12-22 12:44:22.693root 11241100x80000000000000004019486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07c8dc955461d952021-12-22 12:44:22.693root 11241100x80000000000000004019487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ca14521d6dfe622021-12-22 12:44:22.693root 11241100x80000000000000004019488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2699977db74197572021-12-22 12:44:22.693root 11241100x80000000000000004019489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8365c7939d7067312021-12-22 12:44:22.693root 354300x80000000000000004019490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.033{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56836-false10.0.1.12-8000- 11241100x80000000000000004019491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53dc6c4d2c1f6fd32021-12-22 12:44:23.034root 11241100x80000000000000004019492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c155cdbcd0e14e1b2021-12-22 12:44:23.034root 11241100x80000000000000004019493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c7a1c6d18e75ae2021-12-22 12:44:23.034root 11241100x80000000000000004019494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3bd6aaa1217e722021-12-22 12:44:23.034root 11241100x80000000000000004019495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9b031aa6abf36f2021-12-22 12:44:23.034root 11241100x80000000000000004019496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78231bb03d44fc82021-12-22 12:44:23.034root 11241100x80000000000000004019497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1a1d1f48ff16ca2021-12-22 12:44:23.034root 11241100x80000000000000004019498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160488ea5f96d4092021-12-22 12:44:23.034root 11241100x80000000000000004019499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d4ef4b8d83a6bf2021-12-22 12:44:23.034root 11241100x80000000000000004019500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efae169d0309362c2021-12-22 12:44:23.035root 11241100x80000000000000004019501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d3ccd1bb0469c72021-12-22 12:44:23.443root 11241100x80000000000000004019502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48634fb2a52f1ffe2021-12-22 12:44:23.443root 11241100x80000000000000004019503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ea7a5d4eaec6fa2021-12-22 12:44:23.443root 11241100x80000000000000004019504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edca6fcfab167132021-12-22 12:44:23.443root 11241100x80000000000000004019505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4983ac0fe616302021-12-22 12:44:23.443root 11241100x80000000000000004019506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1ca5f141a20c8d2021-12-22 12:44:23.444root 11241100x80000000000000004019507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e654dad5e2321cf2021-12-22 12:44:23.444root 11241100x80000000000000004019508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55fb66200b663832021-12-22 12:44:23.444root 11241100x80000000000000004019509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099df13cbe4986bd2021-12-22 12:44:23.444root 11241100x80000000000000004019510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056d9e7edb933cbb2021-12-22 12:44:23.444root 11241100x80000000000000004019511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dba810a77dbe8cd2021-12-22 12:44:23.943root 11241100x80000000000000004019512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467daf3373903f102021-12-22 12:44:23.943root 11241100x80000000000000004019513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fb14e499bfa1b72021-12-22 12:44:23.943root 11241100x80000000000000004019514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7680623e6e6df80b2021-12-22 12:44:23.943root 11241100x80000000000000004019515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f85cc8f2a66df122021-12-22 12:44:23.943root 11241100x80000000000000004019516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3a2a654c4c3eb02021-12-22 12:44:23.943root 11241100x80000000000000004019517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c2c52545876d212021-12-22 12:44:23.943root 11241100x80000000000000004019518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f4cf7ab35c90c42021-12-22 12:44:23.943root 11241100x80000000000000004019519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50cc52567c07e1a12021-12-22 12:44:23.943root 11241100x80000000000000004019520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab92d7ebdfeded82021-12-22 12:44:23.943root 11241100x80000000000000004019521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373c5166b10fd3872021-12-22 12:44:24.443root 11241100x80000000000000004019522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd024af3447752a2021-12-22 12:44:24.443root 11241100x80000000000000004019523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6399f1b1e5c8a6e42021-12-22 12:44:24.443root 11241100x80000000000000004019524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcc60782ce67c602021-12-22 12:44:24.443root 11241100x80000000000000004019525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f8ad3a46b559812021-12-22 12:44:24.443root 11241100x80000000000000004019526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefa5ad59f31f4182021-12-22 12:44:24.443root 11241100x80000000000000004019527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755fd44fc29566dd2021-12-22 12:44:24.443root 11241100x80000000000000004019528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02be757044ad4132021-12-22 12:44:24.443root 11241100x80000000000000004019529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce29d4a99383f092021-12-22 12:44:24.444root 11241100x80000000000000004019530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5045ae16854a95672021-12-22 12:44:24.444root 11241100x80000000000000004019531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcc310e4a1d85e22021-12-22 12:44:24.943root 11241100x80000000000000004019532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a266383e0ac00902021-12-22 12:44:24.943root 11241100x80000000000000004019533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed4a4a012af0e202021-12-22 12:44:24.943root 11241100x80000000000000004019534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5e88d2d893ef402021-12-22 12:44:24.943root 11241100x80000000000000004019535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0089e2e133dbcc12021-12-22 12:44:24.943root 11241100x80000000000000004019536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbb01436c0109f62021-12-22 12:44:24.943root 11241100x80000000000000004019537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd42b51ddba822e12021-12-22 12:44:24.943root 11241100x80000000000000004019538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992a654d72989d292021-12-22 12:44:24.944root 11241100x80000000000000004019539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd58f26e034303d2021-12-22 12:44:24.944root 11241100x80000000000000004019540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa234b0efe462c22021-12-22 12:44:24.944root 11241100x80000000000000004019541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf406f2add3664b2021-12-22 12:44:25.443root 11241100x80000000000000004019542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687a55be8e9073482021-12-22 12:44:25.443root 11241100x80000000000000004019543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e27959202c4dccb2021-12-22 12:44:25.443root 11241100x80000000000000004019544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c761eada74f3622021-12-22 12:44:25.443root 11241100x80000000000000004019545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3048b95928d6cd552021-12-22 12:44:25.443root 11241100x80000000000000004019546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb0d3f7d5d188de2021-12-22 12:44:25.443root 11241100x80000000000000004019547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00fa1d9eaa95ebf2021-12-22 12:44:25.443root 11241100x80000000000000004019548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dae6248023115252021-12-22 12:44:25.443root 11241100x80000000000000004019549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc280616eb1d2e32021-12-22 12:44:25.444root 11241100x80000000000000004019550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ba89bfee1cc67c2021-12-22 12:44:25.444root 11241100x80000000000000004019551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddbec902126407c2021-12-22 12:44:25.943root 11241100x80000000000000004019552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab290240a8547af2021-12-22 12:44:25.943root 11241100x80000000000000004019553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d42d249ee4cb5e2021-12-22 12:44:25.943root 11241100x80000000000000004019554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add55c081f25ca432021-12-22 12:44:25.943root 11241100x80000000000000004019555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d12cd7abd49adc42021-12-22 12:44:25.944root 11241100x80000000000000004019556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a49e6c4e0a8890b2021-12-22 12:44:25.944root 11241100x80000000000000004019557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47778134897759f2021-12-22 12:44:25.944root 11241100x80000000000000004019558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1930096593a4ee12021-12-22 12:44:25.944root 11241100x80000000000000004019559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a6fa34b4a054d72021-12-22 12:44:25.945root 11241100x80000000000000004019560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949573b01c71eb7b2021-12-22 12:44:25.945root 11241100x80000000000000004019561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfd924d690afba52021-12-22 12:44:26.443root 11241100x80000000000000004019562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbd9504e3aa1f9b2021-12-22 12:44:26.443root 11241100x80000000000000004019563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23210ed4d65535f42021-12-22 12:44:26.443root 11241100x80000000000000004019564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454b885ffd05ebf72021-12-22 12:44:26.443root 11241100x80000000000000004019565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96606d33669845072021-12-22 12:44:26.443root 11241100x80000000000000004019566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdc0c5953b0b3252021-12-22 12:44:26.443root 11241100x80000000000000004019567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439905d08a6f32532021-12-22 12:44:26.443root 11241100x80000000000000004019568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bb34234132f9292021-12-22 12:44:26.444root 11241100x80000000000000004019569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c42ec2c54e6f12e2021-12-22 12:44:26.444root 11241100x80000000000000004019570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7c66c51ece89df2021-12-22 12:44:26.444root 11241100x80000000000000004019571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60299ceae5b92e432021-12-22 12:44:26.943root 11241100x80000000000000004019572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee05d0cdd1c13bc2021-12-22 12:44:26.943root 11241100x80000000000000004019573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e017c2c9a9759c422021-12-22 12:44:26.943root 11241100x80000000000000004019574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e340e0ed70da1dd2021-12-22 12:44:26.943root 11241100x80000000000000004019575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925521d7c1bc96482021-12-22 12:44:26.943root 11241100x80000000000000004019576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe2cbf43ba8afb52021-12-22 12:44:26.943root 11241100x80000000000000004019577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceecb803a670b7ca2021-12-22 12:44:26.943root 11241100x80000000000000004019578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff030b8d62401512021-12-22 12:44:26.943root 11241100x80000000000000004019579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99c5b8bce341dd22021-12-22 12:44:26.944root 11241100x80000000000000004019580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0e2d71da6e516e2021-12-22 12:44:26.944root 11241100x80000000000000004019581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89ed53f6c482a182021-12-22 12:44:27.443root 11241100x80000000000000004019582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caebfc15e3fb97362021-12-22 12:44:27.443root 11241100x80000000000000004019583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94b6d17a1be4bb52021-12-22 12:44:27.443root 11241100x80000000000000004019584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ea5fbd01a44f0b2021-12-22 12:44:27.443root 11241100x80000000000000004019585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27130df43c1473b92021-12-22 12:44:27.443root 11241100x80000000000000004019586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e13a4fc0febe952021-12-22 12:44:27.443root 11241100x80000000000000004019587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3968c24248edd22021-12-22 12:44:27.444root 11241100x80000000000000004019588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0064cc823e6892722021-12-22 12:44:27.444root 11241100x80000000000000004019589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc0b47fcc5a81c92021-12-22 12:44:27.444root 11241100x80000000000000004019590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec2ccbcb411a7fd2021-12-22 12:44:27.444root 11241100x80000000000000004019591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155050b7402af6d62021-12-22 12:44:27.943root 11241100x80000000000000004019592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba72ab339fa29822021-12-22 12:44:27.943root 11241100x80000000000000004019593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137426801382a0492021-12-22 12:44:27.943root 11241100x80000000000000004019594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667b76b0048913fc2021-12-22 12:44:27.943root 11241100x80000000000000004019595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e40b89ffe67c5c92021-12-22 12:44:27.943root 11241100x80000000000000004019596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310dd443978666e72021-12-22 12:44:27.944root 11241100x80000000000000004019597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35dd9bf923c6d742021-12-22 12:44:27.944root 11241100x80000000000000004019598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5e41cd278415102021-12-22 12:44:27.944root 11241100x80000000000000004019599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1648adcc023d1ad42021-12-22 12:44:27.944root 11241100x80000000000000004019600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36be9a85131fd15f2021-12-22 12:44:27.944root 354300x80000000000000004019601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.137{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56838-false10.0.1.12-8000- 154100x80000000000000004019602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.423{ec2b6afe-1dac-61c3-6854-e51f5f550000}22709/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x80000000000000004019603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.425{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fa9c3f423633d92021-12-22 12:44:28.425root 11241100x80000000000000004019604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.426{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5b3d62f9f922f12021-12-22 12:44:28.426root 11241100x80000000000000004019605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.426{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d23264b4fe8ee02021-12-22 12:44:28.426root 11241100x80000000000000004019606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.426{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb94291571ece2ec2021-12-22 12:44:28.426root 11241100x80000000000000004019607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.427{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ba3c216f2bd83e2021-12-22 12:44:28.427root 11241100x80000000000000004019608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.427{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed6caa159e70d452021-12-22 12:44:28.427root 11241100x80000000000000004019609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.427{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c032e8345fbde9d2021-12-22 12:44:28.427root 11241100x80000000000000004019610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.427{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633546a66cdbc0df2021-12-22 12:44:28.427root 11241100x80000000000000004019611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.427{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3cc4b0ace440db2021-12-22 12:44:28.427root 11241100x80000000000000004019612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.427{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb8c6848310412b2021-12-22 12:44:28.427root 11241100x80000000000000004019613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.428{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2d5f7103d2a5ce2021-12-22 12:44:28.428root 11241100x80000000000000004019614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.428{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5374dbd0cadbec2021-12-22 12:44:28.428root 534500x80000000000000004019615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.436{ec2b6afe-1dac-61c3-6854-e51f5f550000}22709/bin/psroot 11241100x80000000000000004019616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d40219a08ffe0d2021-12-22 12:44:28.693root 11241100x80000000000000004019617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae138a0cea7e0e32021-12-22 12:44:28.693root 11241100x80000000000000004019618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb30aa365e0aad72021-12-22 12:44:28.693root 11241100x80000000000000004019619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0848d7ba887fc2f42021-12-22 12:44:28.694root 11241100x80000000000000004019620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30371f6a7dacac12021-12-22 12:44:28.694root 11241100x80000000000000004019621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61693dbbcc3b1fc2021-12-22 12:44:28.694root 11241100x80000000000000004019622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3823361e1e3af9fb2021-12-22 12:44:28.694root 11241100x80000000000000004019623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a7c1ea5a173ddc2021-12-22 12:44:28.694root 11241100x80000000000000004019624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78db4d3a7ae3bcd2021-12-22 12:44:28.694root 11241100x80000000000000004019625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3219cf379a01c32021-12-22 12:44:28.694root 11241100x80000000000000004019626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cb703a774762c12021-12-22 12:44:28.695root 11241100x80000000000000004019627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bbb0a84f315f4c2021-12-22 12:44:28.695root 11241100x80000000000000004019628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5414edfb2e8125d2021-12-22 12:44:28.695root 11241100x80000000000000004019629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db551cbe965fb3fa2021-12-22 12:44:29.193root 11241100x80000000000000004019630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ef8f00490e1ffe2021-12-22 12:44:29.193root 11241100x80000000000000004019631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c92124c9550bfd92021-12-22 12:44:29.193root 11241100x80000000000000004019632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e343687f26c1df2021-12-22 12:44:29.193root 11241100x80000000000000004019633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd57147651ecc3692021-12-22 12:44:29.193root 11241100x80000000000000004019634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eee2afc0a246c542021-12-22 12:44:29.193root 11241100x80000000000000004019635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8afcdb79e27f612021-12-22 12:44:29.194root 11241100x80000000000000004019636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfbb2d4444d0f402021-12-22 12:44:29.194root 11241100x80000000000000004019637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6894f9b9cf949d92021-12-22 12:44:29.194root 11241100x80000000000000004019638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37999f67467bb142021-12-22 12:44:29.194root 11241100x80000000000000004019639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79c28a6be8ee8e82021-12-22 12:44:29.194root 11241100x80000000000000004019640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365ce2c3c0cac4822021-12-22 12:44:29.194root 11241100x80000000000000004019641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e184aec4794f322021-12-22 12:44:29.194root 11241100x80000000000000004019642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7fc4f869e64ddb2021-12-22 12:44:29.693root 11241100x80000000000000004019643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31b081ac67bbec82021-12-22 12:44:29.693root 11241100x80000000000000004019644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f44aa41b1057672021-12-22 12:44:29.693root 11241100x80000000000000004019645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f70be089ed5dfc82021-12-22 12:44:29.693root 11241100x80000000000000004019646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6a150105e1caba2021-12-22 12:44:29.693root 11241100x80000000000000004019647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d51d6a010697f72021-12-22 12:44:29.693root 11241100x80000000000000004019648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7532a3498126eaa2021-12-22 12:44:29.694root 11241100x80000000000000004019649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e9347433e527b72021-12-22 12:44:29.694root 11241100x80000000000000004019650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97180f06c7ddd862021-12-22 12:44:29.694root 11241100x80000000000000004019651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1ace19ec2772dd2021-12-22 12:44:29.694root 11241100x80000000000000004019652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853e29271a08dd9e2021-12-22 12:44:29.694root 11241100x80000000000000004019653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617ec42c16267f142021-12-22 12:44:29.694root 11241100x80000000000000004019654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7f380c4171c5522021-12-22 12:44:29.694root 11241100x80000000000000004019655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2574e0cf176759302021-12-22 12:44:30.193root 11241100x80000000000000004019656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe62c69ca9cc89a12021-12-22 12:44:30.193root 11241100x80000000000000004019657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549ff65109b45ea12021-12-22 12:44:30.193root 11241100x80000000000000004019658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc72593565cf4da2021-12-22 12:44:30.193root 11241100x80000000000000004019659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1d5fed8809a9012021-12-22 12:44:30.193root 11241100x80000000000000004019660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b52d870517bda442021-12-22 12:44:30.193root 11241100x80000000000000004019661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d2a847610a86a62021-12-22 12:44:30.193root 11241100x80000000000000004019662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ff3fc465bbc5622021-12-22 12:44:30.193root 11241100x80000000000000004019663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd78aa0492589162021-12-22 12:44:30.194root 11241100x80000000000000004019664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4042a40f04350ea32021-12-22 12:44:30.194root 11241100x80000000000000004019665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1dcaa6c000e11a2021-12-22 12:44:30.194root 11241100x80000000000000004019666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a652c917afb4812021-12-22 12:44:30.194root 11241100x80000000000000004019667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6a6ea1e0bec2752021-12-22 12:44:30.194root 11241100x80000000000000004019668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2511797efc6007fa2021-12-22 12:44:30.693root 11241100x80000000000000004019669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cee09904c6691172021-12-22 12:44:30.693root 11241100x80000000000000004019670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db289bceceeb0482021-12-22 12:44:30.693root 11241100x80000000000000004019671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c0a1b50be45fae2021-12-22 12:44:30.693root 11241100x80000000000000004019672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a4700243bbd5502021-12-22 12:44:30.693root 11241100x80000000000000004019673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc86ac55d546746a2021-12-22 12:44:30.693root 11241100x80000000000000004019674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3b382626fad0032021-12-22 12:44:30.693root 11241100x80000000000000004019675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278608f1104f0fa82021-12-22 12:44:30.694root 11241100x80000000000000004019676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63dd0b8d3a351252021-12-22 12:44:30.694root 11241100x80000000000000004019677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08816d33b8228fad2021-12-22 12:44:30.694root 11241100x80000000000000004019678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b45e2a79d5fcb802021-12-22 12:44:30.694root 11241100x80000000000000004019679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69f4aa6adc37ccf2021-12-22 12:44:30.694root 11241100x80000000000000004019680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79cf7cc8062e6712021-12-22 12:44:30.694root 11241100x80000000000000004019681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462e578b2b355f472021-12-22 12:44:31.193root 11241100x80000000000000004019682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f49d1f959dbb632021-12-22 12:44:31.193root 11241100x80000000000000004019683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b5fac8803ac17b2021-12-22 12:44:31.193root 11241100x80000000000000004019684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94940c6345ec58d2021-12-22 12:44:31.193root 11241100x80000000000000004019685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e584984dbf5af3202021-12-22 12:44:31.193root 11241100x80000000000000004019686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5207395d3fa7601a2021-12-22 12:44:31.193root 11241100x80000000000000004019687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53578720221bfc022021-12-22 12:44:31.193root 11241100x80000000000000004019688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf02dff59c102322021-12-22 12:44:31.194root 11241100x80000000000000004019689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d479362b880518e72021-12-22 12:44:31.194root 11241100x80000000000000004019690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebaaec58dc08d242021-12-22 12:44:31.194root 11241100x80000000000000004019691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cd07a16c31b5f12021-12-22 12:44:31.194root 11241100x80000000000000004019692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebb95eabd6554652021-12-22 12:44:31.194root 11241100x80000000000000004019693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f047ae99baf9862021-12-22 12:44:31.194root 11241100x80000000000000004019694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc041ec5ce7d0e62021-12-22 12:44:31.693root 11241100x80000000000000004019695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58fe290fa9be8a62021-12-22 12:44:31.693root 11241100x80000000000000004019696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254a5dce535bdc052021-12-22 12:44:31.693root 11241100x80000000000000004019697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99aed0be065eccf2021-12-22 12:44:31.693root 11241100x80000000000000004019698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f57de3be79cfdd42021-12-22 12:44:31.693root 11241100x80000000000000004019699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03444559156ad072021-12-22 12:44:31.693root 11241100x80000000000000004019700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955a2e70fbb8b7072021-12-22 12:44:31.693root 11241100x80000000000000004019701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06c9a6b863a9cad2021-12-22 12:44:31.694root 11241100x80000000000000004019702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f994645a20df77ae2021-12-22 12:44:31.694root 11241100x80000000000000004019703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2416884b72f9c4c2021-12-22 12:44:31.694root 11241100x80000000000000004019704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7db0d5097446fd12021-12-22 12:44:31.694root 11241100x80000000000000004019705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a79800f98139092021-12-22 12:44:31.694root 11241100x80000000000000004019706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e40f906a81a94912021-12-22 12:44:31.694root 11241100x80000000000000004019707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb0b3a94683c58b2021-12-22 12:44:32.193root 11241100x80000000000000004019708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308afdb8a86416df2021-12-22 12:44:32.193root 11241100x80000000000000004019709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb1f2095325052b2021-12-22 12:44:32.193root 11241100x80000000000000004019710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b58dcccefc1d292021-12-22 12:44:32.193root 11241100x80000000000000004019711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46751c80a32a278d2021-12-22 12:44:32.193root 11241100x80000000000000004019712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0854b53fed30b722021-12-22 12:44:32.193root 11241100x80000000000000004019713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d876361378b436992021-12-22 12:44:32.194root 11241100x80000000000000004019714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723dbb578b75dacf2021-12-22 12:44:32.194root 11241100x80000000000000004019715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4533cc47c6fad2982021-12-22 12:44:32.194root 11241100x80000000000000004019716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2171f1854ad4dcef2021-12-22 12:44:32.194root 11241100x80000000000000004019717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d202ba3799ee86b22021-12-22 12:44:32.194root 11241100x80000000000000004019718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d96a8d19ab563f2021-12-22 12:44:32.194root 11241100x80000000000000004019719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23de9f8f3272da702021-12-22 12:44:32.194root 11241100x80000000000000004019720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69017b470d03055e2021-12-22 12:44:32.693root 11241100x80000000000000004019721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6834d45b013895722021-12-22 12:44:32.693root 11241100x80000000000000004019722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9206b44b3e0262872021-12-22 12:44:32.693root 11241100x80000000000000004019723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e941300689948f2021-12-22 12:44:32.693root 11241100x80000000000000004019724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0a4eee4ae83a0f2021-12-22 12:44:32.693root 11241100x80000000000000004019725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e982aaafb63cd452021-12-22 12:44:32.694root 11241100x80000000000000004019726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06271cd781fefb722021-12-22 12:44:32.694root 11241100x80000000000000004019727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f10a4e1010cc2a52021-12-22 12:44:32.694root 11241100x80000000000000004019728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcf5844cd9c53682021-12-22 12:44:32.695root 11241100x80000000000000004019729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3900ff24c9e2aa2021-12-22 12:44:32.695root 11241100x80000000000000004019730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f352d5dc76d5f762021-12-22 12:44:32.695root 11241100x80000000000000004019731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6c9d237636174b2021-12-22 12:44:32.695root 11241100x80000000000000004019732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61e75cba506ba4c2021-12-22 12:44:32.696root 11241100x80000000000000004019733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.124{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 12:44:33.124root 11241100x80000000000000004019734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5bbbeb7a012bb62021-12-22 12:44:33.126root 11241100x80000000000000004019735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8310c992f6877c592021-12-22 12:44:33.126root 11241100x80000000000000004019736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7771b9ee9e49b9092021-12-22 12:44:33.126root 11241100x80000000000000004019737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96aa6e3afe9ece212021-12-22 12:44:33.126root 11241100x80000000000000004019738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c260742738c0e0ac2021-12-22 12:44:33.126root 11241100x80000000000000004019739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ef4767c958ec272021-12-22 12:44:33.126root 11241100x80000000000000004019740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb1c35245d98dd92021-12-22 12:44:33.126root 11241100x80000000000000004019741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb73fad56ff1f7882021-12-22 12:44:33.126root 11241100x80000000000000004019742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9d9f70d0e1123a2021-12-22 12:44:33.126root 11241100x80000000000000004019743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a7449dc3068aa12021-12-22 12:44:33.126root 11241100x80000000000000004019744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c85435147fa06c2021-12-22 12:44:33.127root 11241100x80000000000000004019745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c621e3363753a52021-12-22 12:44:33.127root 11241100x80000000000000004019746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97de165ebeba1682021-12-22 12:44:33.127root 11241100x80000000000000004019747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d3a9a16019ce132021-12-22 12:44:33.127root 11241100x80000000000000004019748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d8ae3948c542f62021-12-22 12:44:33.128root 11241100x80000000000000004019749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62b049914e74e412021-12-22 12:44:33.128root 11241100x80000000000000004019750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e995b19ba62f122021-12-22 12:44:33.128root 11241100x80000000000000004019751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d324f557631be862021-12-22 12:44:33.442root 11241100x80000000000000004019752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637bbc1506440c4f2021-12-22 12:44:33.443root 11241100x80000000000000004019753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0def67d78e81c202021-12-22 12:44:33.443root 11241100x80000000000000004019754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296618a54762e63c2021-12-22 12:44:33.443root 11241100x80000000000000004019755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d792b56da8c5677a2021-12-22 12:44:33.443root 11241100x80000000000000004019756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58680ece22182ddc2021-12-22 12:44:33.443root 11241100x80000000000000004019757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52b02ae4f9b8abb2021-12-22 12:44:33.443root 11241100x80000000000000004019758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5571d21236dff22021-12-22 12:44:33.444root 11241100x80000000000000004019759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911307c0fd904a742021-12-22 12:44:33.444root 11241100x80000000000000004019760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31f101c78bb26f22021-12-22 12:44:33.444root 11241100x80000000000000004019761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ba1d32e167212f2021-12-22 12:44:33.444root 11241100x80000000000000004019762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d978c8bb1934c0e02021-12-22 12:44:33.444root 11241100x80000000000000004019763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23beecf00e67f7092021-12-22 12:44:33.444root 11241100x80000000000000004019764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de209c849f73de222021-12-22 12:44:33.444root 11241100x80000000000000004019765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce09b6ca233fade32021-12-22 12:44:33.943root 11241100x80000000000000004019766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52baa004cb302762021-12-22 12:44:33.943root 11241100x80000000000000004019767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea93c90c4f377802021-12-22 12:44:33.943root 11241100x80000000000000004019768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cd1c71e9a1bf632021-12-22 12:44:33.943root 11241100x80000000000000004019769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2850dae86c74582021-12-22 12:44:33.943root 11241100x80000000000000004019770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cb379baa3768782021-12-22 12:44:33.944root 11241100x80000000000000004019771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd5934dd414d69a2021-12-22 12:44:33.944root 11241100x80000000000000004019772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb64cbeee6f27d82021-12-22 12:44:33.944root 11241100x80000000000000004019773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b8e5bdd5cd0bf12021-12-22 12:44:33.944root 11241100x80000000000000004019774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89cf3978d1c7eaf2021-12-22 12:44:33.944root 11241100x80000000000000004019775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a646c5261250b622021-12-22 12:44:33.944root 11241100x80000000000000004019776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a77c009e9548402021-12-22 12:44:33.944root 11241100x80000000000000004019777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3685dfd92c4c03cc2021-12-22 12:44:33.944root 11241100x80000000000000004019778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3b8acef2b6a2cf2021-12-22 12:44:33.944root 354300x80000000000000004019779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.052{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56840-false10.0.1.12-8000- 354300x80000000000000004019780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.299{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-43906-false10.0.1.12-8089- 11241100x80000000000000004019781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7767f241a7c2382021-12-22 12:44:34.300root 11241100x80000000000000004019782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af57028762262b952021-12-22 12:44:34.300root 11241100x80000000000000004019783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5b1725160ca9ce2021-12-22 12:44:34.300root 11241100x80000000000000004019784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca2152a46e8162c2021-12-22 12:44:34.300root 11241100x80000000000000004019785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb722ab03da79d72021-12-22 12:44:34.301root 11241100x80000000000000004019786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9d8ecba532865b2021-12-22 12:44:34.301root 11241100x80000000000000004019787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3e049397d24e2e2021-12-22 12:44:34.301root 11241100x80000000000000004019788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783b9466cac871332021-12-22 12:44:34.301root 11241100x80000000000000004019789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d6deab260b7e152021-12-22 12:44:34.301root 11241100x80000000000000004019790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f487fa1b0bf080d2021-12-22 12:44:34.301root 11241100x80000000000000004019791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa63b27a51009cc2021-12-22 12:44:34.301root 11241100x80000000000000004019792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64536bd51dd41fb2021-12-22 12:44:34.301root 11241100x80000000000000004019793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74967fad67e9ce7c2021-12-22 12:44:34.301root 11241100x80000000000000004019794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f655cf09f6aacd362021-12-22 12:44:34.301root 11241100x80000000000000004019795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5157bcb7915e912021-12-22 12:44:34.301root 11241100x80000000000000004019796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d15a6431d968be2021-12-22 12:44:34.301root 11241100x80000000000000004019797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0360bcc151ae0d2021-12-22 12:44:34.693root 11241100x80000000000000004019798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a4e3ed69ed7bc32021-12-22 12:44:34.693root 11241100x80000000000000004019799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9834e28b86e947632021-12-22 12:44:34.693root 11241100x80000000000000004019800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ff1214890ccbd32021-12-22 12:44:34.693root 11241100x80000000000000004019801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440a7940f835a0722021-12-22 12:44:34.693root 11241100x80000000000000004019802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e941059fc183112021-12-22 12:44:34.693root 11241100x80000000000000004019803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5e43ebc1d5ba412021-12-22 12:44:34.693root 11241100x80000000000000004019804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a4d29b5b6cdabe2021-12-22 12:44:34.694root 11241100x80000000000000004019805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4d1b5f34b9d1852021-12-22 12:44:34.694root 11241100x80000000000000004019806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8f44340fe72ed82021-12-22 12:44:34.694root 11241100x80000000000000004019807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aeb7d4fbe2da0012021-12-22 12:44:34.694root 11241100x80000000000000004019808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c467df2827bfe612021-12-22 12:44:34.694root 11241100x80000000000000004019809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09062b8596940eaa2021-12-22 12:44:34.694root 11241100x80000000000000004019810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0068b2c2fb327fd52021-12-22 12:44:34.694root 11241100x80000000000000004019811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f57a963d13373c52021-12-22 12:44:34.694root 11241100x80000000000000004019812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3977047a4b71e722021-12-22 12:44:34.694root 11241100x80000000000000004019813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159a600e72f2213c2021-12-22 12:44:35.193root 11241100x80000000000000004019814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09c44a4a087d2d92021-12-22 12:44:35.193root 11241100x80000000000000004019815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b245e72b40fe2f072021-12-22 12:44:35.193root 11241100x80000000000000004019816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ff0c04e8f1a6c52021-12-22 12:44:35.193root 11241100x80000000000000004019817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef2dcd1a9a9442d2021-12-22 12:44:35.194root 11241100x80000000000000004019818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a40875c132faec2021-12-22 12:44:35.194root 11241100x80000000000000004019819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be84b71fc8304c22021-12-22 12:44:35.194root 11241100x80000000000000004019820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9aa417a374f9b52021-12-22 12:44:35.194root 11241100x80000000000000004019821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0279c2da28afcdf62021-12-22 12:44:35.194root 11241100x80000000000000004019822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a764e5ef48bb9382021-12-22 12:44:35.194root 11241100x80000000000000004019823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d214ff1b0db0dce22021-12-22 12:44:35.194root 11241100x80000000000000004019824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b4bbd2e06953e82021-12-22 12:44:35.194root 11241100x80000000000000004019825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f34a936b28f18a62021-12-22 12:44:35.195root 11241100x80000000000000004019826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79d65bd3557b3d82021-12-22 12:44:35.195root 11241100x80000000000000004019827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172c109a0488d2222021-12-22 12:44:35.195root 11241100x80000000000000004019828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b12f24f5a4312c82021-12-22 12:44:35.195root 11241100x80000000000000004019829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0acec6890ba33f2021-12-22 12:44:35.693root 11241100x80000000000000004019830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdeadf3fa97a1cf2021-12-22 12:44:35.693root 11241100x80000000000000004019831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf873eb65f7da1b2021-12-22 12:44:35.693root 11241100x80000000000000004019832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95516fadeca2fbca2021-12-22 12:44:35.693root 11241100x80000000000000004019833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428de31f772a7fa22021-12-22 12:44:35.694root 11241100x80000000000000004019834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64978bc07ca85c432021-12-22 12:44:35.694root 11241100x80000000000000004019835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a8d3104b0e736d2021-12-22 12:44:35.694root 11241100x80000000000000004019836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202646f8ad954cde2021-12-22 12:44:35.694root 11241100x80000000000000004019837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7439b387c8eee442021-12-22 12:44:35.694root 11241100x80000000000000004019838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c51c97dc4adf8d62021-12-22 12:44:35.694root 11241100x80000000000000004019839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbf1be6481fe4092021-12-22 12:44:35.694root 11241100x80000000000000004019840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2073f9b1a67fa452021-12-22 12:44:35.694root 11241100x80000000000000004019841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db502c14936aa0362021-12-22 12:44:35.694root 11241100x80000000000000004019842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b325679b4c428592021-12-22 12:44:35.694root 11241100x80000000000000004019843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21adc3040e4b3f02021-12-22 12:44:35.694root 11241100x80000000000000004019844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d458b873dd3b06272021-12-22 12:44:35.694root 23542300x80000000000000004019845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.125{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000004019846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f64422064b907e32021-12-22 12:44:36.126root 11241100x80000000000000004019847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84261deb798a301f2021-12-22 12:44:36.126root 11241100x80000000000000004019848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ba1868f5e1ab282021-12-22 12:44:36.126root 11241100x80000000000000004019849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9124d31af69d012021-12-22 12:44:36.126root 11241100x80000000000000004019850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953378e448e8acbe2021-12-22 12:44:36.126root 11241100x80000000000000004019851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ff2ef2878254ee2021-12-22 12:44:36.127root 11241100x80000000000000004019852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c7bb000435fa012021-12-22 12:44:36.127root 11241100x80000000000000004019853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abe38426b2b8dec2021-12-22 12:44:36.127root 11241100x80000000000000004019854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caefe323e6388872021-12-22 12:44:36.127root 11241100x80000000000000004019855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c035ca6c3c6012252021-12-22 12:44:36.127root 11241100x80000000000000004019856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd7fa5cd106e4472021-12-22 12:44:36.127root 11241100x80000000000000004019857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cec26aa5c4185772021-12-22 12:44:36.128root 11241100x80000000000000004019858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6f954d3d5eed502021-12-22 12:44:36.128root 11241100x80000000000000004019859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e424c466c79fff92021-12-22 12:44:36.128root 11241100x80000000000000004019860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3d9a096c4b72892021-12-22 12:44:36.128root 11241100x80000000000000004019861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b075f28cad4031e22021-12-22 12:44:36.128root 11241100x80000000000000004019862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a651c73cb6aadcea2021-12-22 12:44:36.128root 11241100x80000000000000004019863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412265ed14a4cfc42021-12-22 12:44:36.443root 11241100x80000000000000004019864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2638bfd589d4d4b2021-12-22 12:44:36.443root 11241100x80000000000000004019865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0523f450acc6dbd2021-12-22 12:44:36.443root 11241100x80000000000000004019866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b43d08d30c0b7cb2021-12-22 12:44:36.443root 11241100x80000000000000004019867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d15a13d9ec28a462021-12-22 12:44:36.444root 11241100x80000000000000004019868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeeecbe98ad9132e2021-12-22 12:44:36.444root 11241100x80000000000000004019869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904ba088b7d0b7bf2021-12-22 12:44:36.444root 11241100x80000000000000004019870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7698c42309b46fb82021-12-22 12:44:36.444root 11241100x80000000000000004019871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dba6495133a42de2021-12-22 12:44:36.444root 11241100x80000000000000004019872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97cf759271a22aa2021-12-22 12:44:36.444root 11241100x80000000000000004019873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da671251fdf137a82021-12-22 12:44:36.444root 11241100x80000000000000004019874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84efd359ce16ff92021-12-22 12:44:36.444root 11241100x80000000000000004019875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d628c32803e15fe62021-12-22 12:44:36.444root 11241100x80000000000000004019876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b72224cf76a7e412021-12-22 12:44:36.445root 11241100x80000000000000004019877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67df387280067172021-12-22 12:44:36.445root 11241100x80000000000000004019878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed41ed58d2e204e62021-12-22 12:44:36.445root 11241100x80000000000000004019879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fabf0d7168317f2021-12-22 12:44:36.445root 11241100x80000000000000004019880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1a304e98c124d52021-12-22 12:44:36.943root 11241100x80000000000000004019881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8f34ae36530d782021-12-22 12:44:36.943root 11241100x80000000000000004019882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef026197fc57dfc2021-12-22 12:44:36.943root 11241100x80000000000000004019883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ad60e83d54c4112021-12-22 12:44:36.943root 11241100x80000000000000004019884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b703db8d8dc96dc2021-12-22 12:44:36.943root 11241100x80000000000000004019885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93be451a86b3ff62021-12-22 12:44:36.943root 11241100x80000000000000004019886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74104bb7f15b3912021-12-22 12:44:36.944root 11241100x80000000000000004019887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183a9821faf1577b2021-12-22 12:44:36.944root 11241100x80000000000000004019888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb70ab71a1d92ec12021-12-22 12:44:36.944root 11241100x80000000000000004019889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac940498593da4a2021-12-22 12:44:36.944root 11241100x80000000000000004019890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c37b6621f817362021-12-22 12:44:36.944root 11241100x80000000000000004019891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ddedc1b8f246762021-12-22 12:44:36.944root 11241100x80000000000000004019892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200d65d4f3c1ddf12021-12-22 12:44:36.944root 11241100x80000000000000004019893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c98cbe85286202c2021-12-22 12:44:36.944root 11241100x80000000000000004019894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e297bc17b2a80d92021-12-22 12:44:36.944root 11241100x80000000000000004019895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63c667fe1db02e62021-12-22 12:44:36.944root 11241100x80000000000000004019896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e125fc6b95c1cfb2021-12-22 12:44:36.944root 11241100x80000000000000004019897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa36231076ee8962021-12-22 12:44:37.443root 11241100x80000000000000004019898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f2cfd4027a42082021-12-22 12:44:37.443root 11241100x80000000000000004019899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffdc33e7a64521a02021-12-22 12:44:37.443root 11241100x80000000000000004019900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc54f2ea04ba9ea2021-12-22 12:44:37.443root 11241100x80000000000000004019901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa000eb8cb110a6e2021-12-22 12:44:37.443root 11241100x80000000000000004019902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f058bccf8915ce632021-12-22 12:44:37.443root 11241100x80000000000000004019903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6ea440b00819b62021-12-22 12:44:37.444root 11241100x80000000000000004019904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a97f7aded83ded2021-12-22 12:44:37.444root 11241100x80000000000000004019905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bf217c5a2b49422021-12-22 12:44:37.444root 11241100x80000000000000004019906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33401e20818cb3cd2021-12-22 12:44:37.444root 11241100x80000000000000004019907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb776f08024e63a2021-12-22 12:44:37.444root 11241100x80000000000000004019908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad7e732ee9e62762021-12-22 12:44:37.444root 11241100x80000000000000004019909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b19fa97433e33a2021-12-22 12:44:37.444root 11241100x80000000000000004019910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936bc3cdfcc14a912021-12-22 12:44:37.444root 11241100x80000000000000004019911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecad695cafc69472021-12-22 12:44:37.444root 11241100x80000000000000004019912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f2b09ec64de92c2021-12-22 12:44:37.444root 11241100x80000000000000004019913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0dadcaa72fa3b5f2021-12-22 12:44:37.444root 154100x80000000000000004019914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.845{ec2b6afe-1db5-61c3-50ad-2f743e560000}22710/bin/kmod-----modprobe ./rootkit/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000004019915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.846{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed35261739d5299b2021-12-22 12:44:37.846root 534500x80000000000000004019916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.846{ec2b6afe-1db5-61c3-50ad-2f743e560000}22710/bin/kmodubuntu 11241100x80000000000000004019917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.847{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6089cf9f1c31d3102021-12-22 12:44:37.847root 11241100x80000000000000004019918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.847{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae805d7c8b9b3c722021-12-22 12:44:37.847root 11241100x80000000000000004019919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.847{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb73b789fafaa172021-12-22 12:44:37.847root 11241100x80000000000000004019920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.847{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820b45225476af012021-12-22 12:44:37.847root 11241100x80000000000000004019921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0703a6a389259512021-12-22 12:44:37.848root 11241100x80000000000000004019922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712c855c84e349252021-12-22 12:44:37.848root 11241100x80000000000000004019923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b003fa8f6515cf72021-12-22 12:44:37.848root 11241100x80000000000000004019924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b0a15279bd58f62021-12-22 12:44:37.848root 11241100x80000000000000004019925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da076ece6ecb62f2021-12-22 12:44:37.848root 11241100x80000000000000004019926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99b5f2fb1241d432021-12-22 12:44:37.848root 11241100x80000000000000004019927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ed9307b5083e212021-12-22 12:44:37.848root 11241100x80000000000000004019928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa1b48bd27dbfa92021-12-22 12:44:37.848root 11241100x80000000000000004019929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.848{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe8ed4259388aeb2021-12-22 12:44:37.848root 11241100x80000000000000004019930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.849{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f805a899fedba1d2021-12-22 12:44:37.849root 11241100x80000000000000004019931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.849{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1afbc1c38ea5bf72021-12-22 12:44:37.849root 11241100x80000000000000004019932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.849{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a72ae8e1927657d2021-12-22 12:44:37.849root 11241100x80000000000000004019933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.849{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781951619292847b2021-12-22 12:44:37.849root 11241100x80000000000000004019934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.849{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c9adfa2fd1e06e2021-12-22 12:44:37.849root 11241100x80000000000000004019935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.849{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9744a227135fea0e2021-12-22 12:44:37.849root 11241100x80000000000000004019936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.849{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45009957efb9b952021-12-22 12:44:37.849root 11241100x80000000000000004019937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.849{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a29046a1afb2ee2021-12-22 12:44:37.849root 11241100x80000000000000004019938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:37.849{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4375dffc1244b42021-12-22 12:44:37.849root 11241100x80000000000000004019939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e95bb286f126a32021-12-22 12:44:38.193root 11241100x80000000000000004019940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb52ec35477ccde2021-12-22 12:44:38.193root 11241100x80000000000000004019941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63ec9420e6ffb3a2021-12-22 12:44:38.193root 11241100x80000000000000004019942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fec6a0336d89acc2021-12-22 12:44:38.193root 11241100x80000000000000004019943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef72418c738c7a02021-12-22 12:44:38.193root 11241100x80000000000000004019944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b630da29968005362021-12-22 12:44:38.193root 11241100x80000000000000004019945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd2cdf2eb9e90d82021-12-22 12:44:38.194root 11241100x80000000000000004019946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804da545ef49aff32021-12-22 12:44:38.194root 11241100x80000000000000004019947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2d4fe0d7f515492021-12-22 12:44:38.194root 11241100x80000000000000004019948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef206149b8cc257f2021-12-22 12:44:38.194root 11241100x80000000000000004019949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616cfa2b272c56622021-12-22 12:44:38.194root 11241100x80000000000000004019950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d63823901910cb2021-12-22 12:44:38.195root 11241100x80000000000000004019951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108408c8956b9a342021-12-22 12:44:38.195root 11241100x80000000000000004019952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef9a89555cc80b92021-12-22 12:44:38.195root 11241100x80000000000000004019953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7f39a7209471932021-12-22 12:44:38.195root 11241100x80000000000000004019954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff255b537940cc3e2021-12-22 12:44:38.195root 11241100x80000000000000004019955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515954937677c5ef2021-12-22 12:44:38.195root 11241100x80000000000000004019956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a152a61d85c62d542021-12-22 12:44:38.195root 11241100x80000000000000004019957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d4d21f9f15cdc62021-12-22 12:44:38.195root 11241100x80000000000000004019958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84930a524a8675002021-12-22 12:44:38.692root 11241100x80000000000000004019959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340f5f2b6444975b2021-12-22 12:44:38.693root 11241100x80000000000000004019960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112d07b636f401242021-12-22 12:44:38.693root 11241100x80000000000000004019961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfffbe56d65c37cb2021-12-22 12:44:38.693root 11241100x80000000000000004019962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6cd5efa1b72fc02021-12-22 12:44:38.693root 11241100x80000000000000004019963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6c7f52710e0b902021-12-22 12:44:38.693root 11241100x80000000000000004019964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac677270e7605b6f2021-12-22 12:44:38.694root 11241100x80000000000000004019965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e01dd3272072322021-12-22 12:44:38.694root 11241100x80000000000000004019966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504af49b24a97b2c2021-12-22 12:44:38.694root 11241100x80000000000000004019967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1caf9530f359bbf62021-12-22 12:44:38.694root 11241100x80000000000000004019968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0012c954921983f82021-12-22 12:44:38.694root 11241100x80000000000000004019969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4163a167615f2d1a2021-12-22 12:44:38.694root 11241100x80000000000000004019970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77001048542d8ff72021-12-22 12:44:38.695root 11241100x80000000000000004019971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd612c0d7d9fb192021-12-22 12:44:38.695root 11241100x80000000000000004019972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7b6dc451fce2822021-12-22 12:44:38.695root 11241100x80000000000000004019973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28254225b815cd02021-12-22 12:44:38.695root 11241100x80000000000000004019974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb344333c900ce32021-12-22 12:44:38.695root 11241100x80000000000000004019975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2deb773d82ebd9e2021-12-22 12:44:38.695root 11241100x80000000000000004019976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013ac8d716740e122021-12-22 12:44:38.695root 354300x80000000000000004019977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.151{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56844-false10.0.1.12-8000- 11241100x80000000000000004019978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0fa542bf481cddf2021-12-22 12:44:39.151root 11241100x80000000000000004019979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a6aba9081613f02021-12-22 12:44:39.152root 11241100x80000000000000004019980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963ad115d15779be2021-12-22 12:44:39.152root 11241100x80000000000000004019981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa17e572dd61d362021-12-22 12:44:39.152root 11241100x80000000000000004019982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a369a99c910046d2021-12-22 12:44:39.152root 11241100x80000000000000004019983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4805b02132d93e3a2021-12-22 12:44:39.152root 11241100x80000000000000004019984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25edab75474cfe782021-12-22 12:44:39.152root 11241100x80000000000000004019985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3cc23011c4a44e2021-12-22 12:44:39.153root 11241100x80000000000000004019986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bec54086cf5f752021-12-22 12:44:39.153root 11241100x80000000000000004019987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5540ddff793a50712021-12-22 12:44:39.153root 11241100x80000000000000004019988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebc8b2377e356762021-12-22 12:44:39.153root 11241100x80000000000000004019989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ddb748ca7663662021-12-22 12:44:39.153root 11241100x80000000000000004019990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfefa33447880d22021-12-22 12:44:39.153root 11241100x80000000000000004019991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6dc1a5e36643002021-12-22 12:44:39.153root 11241100x80000000000000004019992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02bc00ba1c75cb072021-12-22 12:44:39.154root 11241100x80000000000000004019993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0873213dcd97eb2021-12-22 12:44:39.154root 11241100x80000000000000004019994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0478fe1f58fffe2021-12-22 12:44:39.154root 11241100x80000000000000004019995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb86ca10543e08ed2021-12-22 12:44:39.154root 11241100x80000000000000004019996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2066b8a0760829b2021-12-22 12:44:39.154root 11241100x80000000000000004019997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba6160fc82245572021-12-22 12:44:39.154root 11241100x80000000000000004019998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e817aa898111b892021-12-22 12:44:39.155root 11241100x80000000000000004019999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea249461142ace4f2021-12-22 12:44:39.155root 11241100x80000000000000004020000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20add177502cc2a2021-12-22 12:44:39.155root 11241100x80000000000000004020001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc973e9406e4a152021-12-22 12:44:39.155root 11241100x80000000000000004020002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57a6dc22c3e9d282021-12-22 12:44:39.155root 11241100x80000000000000004020003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d41014f950160f2021-12-22 12:44:39.443root 11241100x80000000000000004020004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c4dd53a75c21812021-12-22 12:44:39.443root 11241100x80000000000000004020005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46e4d797aba347e2021-12-22 12:44:39.443root 11241100x80000000000000004020006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3425545bd86228762021-12-22 12:44:39.443root 11241100x80000000000000004020007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13b71016b7e9d912021-12-22 12:44:39.444root 11241100x80000000000000004020008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0606812876cf57972021-12-22 12:44:39.444root 11241100x80000000000000004020009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8341027ba124cf782021-12-22 12:44:39.444root 11241100x80000000000000004020010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e8cba7a8b18bd22021-12-22 12:44:39.444root 11241100x80000000000000004020011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e6a466eac9efae2021-12-22 12:44:39.444root 11241100x80000000000000004020012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c96e96a86a00a0b2021-12-22 12:44:39.444root 11241100x80000000000000004020013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8f61d8cc2350062021-12-22 12:44:39.444root 11241100x80000000000000004020014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0682b4fb1f0fb462021-12-22 12:44:39.444root 11241100x80000000000000004020015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9518edb92cc4c802021-12-22 12:44:39.444root 11241100x80000000000000004020016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f3a8e355e3c48f2021-12-22 12:44:39.444root 11241100x80000000000000004020017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a978aa907fdad92021-12-22 12:44:39.445root 11241100x80000000000000004020018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86531dae4b2bc6482021-12-22 12:44:39.445root 11241100x80000000000000004020019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee0eef03650bfb72021-12-22 12:44:39.445root 11241100x80000000000000004020020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f850d6dba8001782021-12-22 12:44:39.445root 11241100x80000000000000004020021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6051786f07164d2021-12-22 12:44:39.445root 11241100x80000000000000004020022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8888775b2b5be7d82021-12-22 12:44:39.445root 11241100x80000000000000004020023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23756c66328aa57c2021-12-22 12:44:39.943root 11241100x80000000000000004020024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08221b6a91288bdd2021-12-22 12:44:39.943root 11241100x80000000000000004020025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b26f7a2821c93cb2021-12-22 12:44:39.943root 11241100x80000000000000004020026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec10c646287449c72021-12-22 12:44:39.943root 11241100x80000000000000004020027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d58b68f844314cb2021-12-22 12:44:39.943root 11241100x80000000000000004020028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc032add926a32382021-12-22 12:44:39.944root 11241100x80000000000000004020029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6d8e5d9a6d423c2021-12-22 12:44:39.944root 11241100x80000000000000004020030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88fcef00406bed92021-12-22 12:44:39.944root 11241100x80000000000000004020031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4439f698a701fab82021-12-22 12:44:39.944root 11241100x80000000000000004020032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7350f41cb9a9d7b82021-12-22 12:44:39.944root 11241100x80000000000000004020033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b9d7bcad893ea02021-12-22 12:44:39.944root 11241100x80000000000000004020034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b46563dc26ae3ce2021-12-22 12:44:39.944root 11241100x80000000000000004020035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0ad0930cf522732021-12-22 12:44:39.944root 11241100x80000000000000004020036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde5a6a2349ab39c2021-12-22 12:44:39.944root 11241100x80000000000000004020037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b30d47278b8645a2021-12-22 12:44:39.944root 11241100x80000000000000004020038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe6442be361ef242021-12-22 12:44:39.945root 11241100x80000000000000004020039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037b7ddbc5c7190b2021-12-22 12:44:39.945root 11241100x80000000000000004020040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb5b13e91e502c92021-12-22 12:44:39.945root 11241100x80000000000000004020041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3e51c039f53e782021-12-22 12:44:39.945root 11241100x80000000000000004020042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8a98d95cb77d8e2021-12-22 12:44:39.945root 11241100x80000000000000004020043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93d119e9ec3626c2021-12-22 12:44:40.443root 11241100x80000000000000004020044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86468661821c04e02021-12-22 12:44:40.443root 11241100x80000000000000004020045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdec218c02880f082021-12-22 12:44:40.444root 11241100x80000000000000004020046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5700f5af99492e2021-12-22 12:44:40.444root 11241100x80000000000000004020047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973dfa36f935306a2021-12-22 12:44:40.444root 11241100x80000000000000004020048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0485e9569b002b902021-12-22 12:44:40.444root 11241100x80000000000000004020049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0c2128d94c5c9f2021-12-22 12:44:40.444root 11241100x80000000000000004020050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f00e3132082a1db2021-12-22 12:44:40.444root 11241100x80000000000000004020051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d189bf32665da1572021-12-22 12:44:40.444root 11241100x80000000000000004020052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27872673ac6a4ee92021-12-22 12:44:40.444root 11241100x80000000000000004020053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289c0bad674646032021-12-22 12:44:40.444root 11241100x80000000000000004020054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed994c75f7fa97e2021-12-22 12:44:40.445root 11241100x80000000000000004020055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88679fa54bf9e66c2021-12-22 12:44:40.445root 11241100x80000000000000004020056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adf5bb63866f1882021-12-22 12:44:40.445root 11241100x80000000000000004020057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b5bdf4ea639aad2021-12-22 12:44:40.445root 11241100x80000000000000004020058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d3b2b2b333fbfc2021-12-22 12:44:40.445root 11241100x80000000000000004020059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8d62cfff92df582021-12-22 12:44:40.445root 11241100x80000000000000004020060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42916a8387e53a712021-12-22 12:44:40.445root 11241100x80000000000000004020061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4403db6b6965de2021-12-22 12:44:40.445root 11241100x80000000000000004020062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1293838e5e1aaf3c2021-12-22 12:44:40.445root 11241100x80000000000000004020063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5af5440eaeac4e2021-12-22 12:44:40.943root 11241100x80000000000000004020064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9ae2311eb9b4812021-12-22 12:44:40.943root 11241100x80000000000000004020065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83f8334a32a58fc2021-12-22 12:44:40.943root 11241100x80000000000000004020066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fc05dd827ce70e2021-12-22 12:44:40.943root 11241100x80000000000000004020067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e899b91e0dd3492021-12-22 12:44:40.943root 11241100x80000000000000004020068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b293f658bc5d9e2021-12-22 12:44:40.944root 11241100x80000000000000004020069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b470b6c3d6322a2021-12-22 12:44:40.944root 11241100x80000000000000004020070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409d769fa554055e2021-12-22 12:44:40.944root 11241100x80000000000000004020071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62da0e8271883b772021-12-22 12:44:40.944root 11241100x80000000000000004020072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1bd147ae9c660e2021-12-22 12:44:40.944root 11241100x80000000000000004020073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d2cfca39a9e0512021-12-22 12:44:40.944root 11241100x80000000000000004020074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038e63f9d087953a2021-12-22 12:44:40.944root 11241100x80000000000000004020075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4109706bf18b7f2021-12-22 12:44:40.944root 11241100x80000000000000004020076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134f3114fc342c042021-12-22 12:44:40.945root 11241100x80000000000000004020077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f687c263142a48912021-12-22 12:44:40.945root 11241100x80000000000000004020078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1b8d309fd29c932021-12-22 12:44:40.945root 11241100x80000000000000004020079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836c1bc9df5389722021-12-22 12:44:40.945root 11241100x80000000000000004020080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489ae2b21f7456f92021-12-22 12:44:40.945root 11241100x80000000000000004020081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4059152263f31e2021-12-22 12:44:40.945root 11241100x80000000000000004020082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc8da19f9547a522021-12-22 12:44:40.946root 11241100x80000000000000004020083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409bf49b317d676c2021-12-22 12:44:41.443root 11241100x80000000000000004020084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f91d6631ab7bc732021-12-22 12:44:41.443root 11241100x80000000000000004020085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc2df818e4cc8e52021-12-22 12:44:41.443root 11241100x80000000000000004020086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7d223e4f4086602021-12-22 12:44:41.443root 11241100x80000000000000004020087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d7cdbfaa52546e2021-12-22 12:44:41.443root 11241100x80000000000000004020088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bf62d25c47516e2021-12-22 12:44:41.444root 11241100x80000000000000004020089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb61c0afff7c7d0a2021-12-22 12:44:41.444root 11241100x80000000000000004020090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce42718353f2af9d2021-12-22 12:44:41.444root 11241100x80000000000000004020091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161e2945951df2422021-12-22 12:44:41.444root 11241100x80000000000000004020092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab17b6d3b84b4cd2021-12-22 12:44:41.444root 11241100x80000000000000004020093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc88f54cb917fb12021-12-22 12:44:41.444root 11241100x80000000000000004020094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9421935a57ef7db32021-12-22 12:44:41.444root 11241100x80000000000000004020095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17656a5d57b6f80a2021-12-22 12:44:41.444root 11241100x80000000000000004020096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ba80fd5ae22da82021-12-22 12:44:41.444root 11241100x80000000000000004020097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d0fcf88ab6cab12021-12-22 12:44:41.444root 11241100x80000000000000004020098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25f9577b0d877192021-12-22 12:44:41.444root 11241100x80000000000000004020099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b56e111855df042021-12-22 12:44:41.444root 11241100x80000000000000004020100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9fd46a32394bbc2021-12-22 12:44:41.444root 11241100x80000000000000004020101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b936b2f507b5adaa2021-12-22 12:44:41.444root 11241100x80000000000000004020102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb4c010d90f7e9a2021-12-22 12:44:41.444root 154100x80000000000000004020103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.495{ec2b6afe-1db9-61c3-507d-73690c560000}22711/bin/kmod-----lsmod/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 534500x80000000000000004020104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.499{ec2b6afe-1db9-61c3-507d-73690c560000}22711/bin/kmodubuntu 11241100x80000000000000004020105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99f1d0c7350b1092021-12-22 12:44:41.943root 11241100x80000000000000004020106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fa12df970636122021-12-22 12:44:41.943root 11241100x80000000000000004020107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88e6c051bf968522021-12-22 12:44:41.943root 11241100x80000000000000004020108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81aefe49454dd5512021-12-22 12:44:41.943root 11241100x80000000000000004020109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcaa4c8772359ced2021-12-22 12:44:41.943root 11241100x80000000000000004020110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d57a3f2ecbd32a2021-12-22 12:44:41.944root 11241100x80000000000000004020111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1c7b8b4f609b602021-12-22 12:44:41.944root 11241100x80000000000000004020112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915ec79726efe8222021-12-22 12:44:41.944root 11241100x80000000000000004020113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba10383bcabc98e2021-12-22 12:44:41.944root 11241100x80000000000000004020114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90af65f61ece06b02021-12-22 12:44:41.944root 11241100x80000000000000004020115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961a780c9c03ef152021-12-22 12:44:41.944root 11241100x80000000000000004020116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862759ac9a545eb72021-12-22 12:44:41.945root 11241100x80000000000000004020117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7063f0518762af2021-12-22 12:44:41.945root 11241100x80000000000000004020118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458e05bd222adbe82021-12-22 12:44:41.945root 11241100x80000000000000004020119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da93b789e6813362021-12-22 12:44:41.945root 11241100x80000000000000004020120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566fe84eeed2b9962021-12-22 12:44:41.945root 11241100x80000000000000004020121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91e8685e6708fcf2021-12-22 12:44:41.945root 11241100x80000000000000004020122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a0a70e0c976aa42021-12-22 12:44:41.946root 11241100x80000000000000004020123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd4dd3cba71bfe92021-12-22 12:44:41.946root 11241100x80000000000000004020124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3886068f7d1f122021-12-22 12:44:41.946root 11241100x80000000000000004020125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b376d8d7e74e768f2021-12-22 12:44:41.946root 11241100x80000000000000004020126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f0f259b5c783cc2021-12-22 12:44:41.946root 11241100x80000000000000004020127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94205433de18f3292021-12-22 12:44:41.946root 11241100x80000000000000004020128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6532d515f8f4af642021-12-22 12:44:41.946root 11241100x80000000000000004020129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e966fac3d0d60ac82021-12-22 12:44:42.443root 11241100x80000000000000004020130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8dc6d6e6eef355c2021-12-22 12:44:42.443root 11241100x80000000000000004020131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49803462af719a402021-12-22 12:44:42.443root 11241100x80000000000000004020132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9977ee2858195f42021-12-22 12:44:42.444root 11241100x80000000000000004020133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da96b605e9472d3f2021-12-22 12:44:42.444root 11241100x80000000000000004020134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590bdeb39fc0d0c02021-12-22 12:44:42.444root 11241100x80000000000000004020135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938a0cf1cf6c9d382021-12-22 12:44:42.444root 11241100x80000000000000004020136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f09a4b8c208934f2021-12-22 12:44:42.444root 11241100x80000000000000004020137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca1091b2434b41c2021-12-22 12:44:42.444root 11241100x80000000000000004020138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f18090a4697bc0d2021-12-22 12:44:42.444root 11241100x80000000000000004020139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386b56edde0662c42021-12-22 12:44:42.444root 11241100x80000000000000004020140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7945c48fb4536a882021-12-22 12:44:42.444root 11241100x80000000000000004020141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a491c43039ad59ad2021-12-22 12:44:42.444root 11241100x80000000000000004020142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4b475d4ce6fa952021-12-22 12:44:42.445root 11241100x80000000000000004020143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc1697483a04b722021-12-22 12:44:42.445root 11241100x80000000000000004020144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8bd570ce1e4cde42021-12-22 12:44:42.445root 11241100x80000000000000004020145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10029d93c366b002021-12-22 12:44:42.445root 11241100x80000000000000004020146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4978cc2341ece302021-12-22 12:44:42.445root 11241100x80000000000000004020147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1632a52afc24ce2021-12-22 12:44:42.445root 11241100x80000000000000004020148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e622f732e494bb12021-12-22 12:44:42.445root 11241100x80000000000000004020149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7174e338ae4b4a2021-12-22 12:44:42.445root 11241100x80000000000000004020150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c79b80e081f97b2021-12-22 12:44:42.445root 11241100x80000000000000004020151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaaa2e691ca47ed72021-12-22 12:44:42.943root 11241100x80000000000000004020152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff38f76d4404c0f2021-12-22 12:44:42.943root 11241100x80000000000000004020153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a3af9b5212a83b2021-12-22 12:44:42.943root 11241100x80000000000000004020154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbabb0ad84267d12021-12-22 12:44:42.943root 11241100x80000000000000004020155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068979b3bbd0c1b52021-12-22 12:44:42.944root 11241100x80000000000000004020156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2e3179fb41cdfb2021-12-22 12:44:42.944root 11241100x80000000000000004020157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66720e1cbae6771b2021-12-22 12:44:42.944root 11241100x80000000000000004020158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9153c5a9487c51d2021-12-22 12:44:42.944root 11241100x80000000000000004020159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918d5187cb6dcbb42021-12-22 12:44:42.944root 11241100x80000000000000004020160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c2a12a7490009d2021-12-22 12:44:42.944root 11241100x80000000000000004020161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07fbdb85bb6ef982021-12-22 12:44:42.944root 11241100x80000000000000004020162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60aa30c24cbf443e2021-12-22 12:44:42.944root 11241100x80000000000000004020163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de886aedbef0fb62021-12-22 12:44:42.944root 11241100x80000000000000004020164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d72c5b51d5c4d82021-12-22 12:44:42.944root 11241100x80000000000000004020165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289492fb758808a42021-12-22 12:44:42.945root 11241100x80000000000000004020166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c97b2f6c05c42ee2021-12-22 12:44:42.945root 11241100x80000000000000004020167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d9193bd0e79e942021-12-22 12:44:42.945root 11241100x80000000000000004020168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fae2cd40592cb742021-12-22 12:44:42.945root 11241100x80000000000000004020169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8d44531b8fdb6c2021-12-22 12:44:42.945root 11241100x80000000000000004020170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741a98e4bb50f9112021-12-22 12:44:42.945root 11241100x80000000000000004020171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe600b5b6d7074b2021-12-22 12:44:42.946root 11241100x80000000000000004020172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee9d6907ddf4fb32021-12-22 12:44:42.946root 11241100x80000000000000004020173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb509781a4b826b02021-12-22 12:44:43.443root 11241100x80000000000000004020174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48d261a57448a972021-12-22 12:44:43.443root 11241100x80000000000000004020175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c85660160976b72021-12-22 12:44:43.443root 11241100x80000000000000004020176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a42abda0e55f0622021-12-22 12:44:43.443root 11241100x80000000000000004020177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e083c9913057552021-12-22 12:44:43.443root 11241100x80000000000000004020178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ca666faea6c3722021-12-22 12:44:43.444root 11241100x80000000000000004020179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf1c826de69c00c2021-12-22 12:44:43.444root 11241100x80000000000000004020180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffdb71d534cc5222021-12-22 12:44:43.444root 11241100x80000000000000004020181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4add73d7d1549ba2021-12-22 12:44:43.444root 11241100x80000000000000004020182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662b6b70a72b6a392021-12-22 12:44:43.445root 11241100x80000000000000004020183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60900d686347e3e52021-12-22 12:44:43.445root 11241100x80000000000000004020184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf00bb18011a9e92021-12-22 12:44:43.445root 11241100x80000000000000004020185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9490afca4aba04992021-12-22 12:44:43.445root 11241100x80000000000000004020186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480f857c56d1030c2021-12-22 12:44:43.445root 11241100x80000000000000004020187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6708e499ac1803d2021-12-22 12:44:43.445root 11241100x80000000000000004020188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba92e6fb870b7412021-12-22 12:44:43.446root 11241100x80000000000000004020189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5754b417df7a91af2021-12-22 12:44:43.446root 11241100x80000000000000004020190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5536cc85db6309602021-12-22 12:44:43.446root 11241100x80000000000000004020191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f8ba019bdb4d472021-12-22 12:44:43.446root 11241100x80000000000000004020192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cb05e998f397882021-12-22 12:44:43.446root 11241100x80000000000000004020193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c48dd87c543a5e02021-12-22 12:44:43.446root 11241100x80000000000000004020194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764699c271225ff42021-12-22 12:44:43.446root 11241100x80000000000000004020195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c8d57f6a9330a32021-12-22 12:44:43.447root 11241100x80000000000000004020196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368c1813faf855f62021-12-22 12:44:43.447root 11241100x80000000000000004020197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0255ad9824861542021-12-22 12:44:43.943root 11241100x80000000000000004020198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcad6df9e6caa69c2021-12-22 12:44:43.943root 11241100x80000000000000004020199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f67ae90153c8c0f2021-12-22 12:44:43.943root 11241100x80000000000000004020200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb188c3623741ac62021-12-22 12:44:43.943root 11241100x80000000000000004020201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb6db851bf3551b2021-12-22 12:44:43.943root 11241100x80000000000000004020202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f882ba3760d796e2021-12-22 12:44:43.944root 11241100x80000000000000004020203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9435a38bb7dffb662021-12-22 12:44:43.944root 11241100x80000000000000004020204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d0462789a0223a2021-12-22 12:44:43.944root 11241100x80000000000000004020205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc2e8a1780839272021-12-22 12:44:43.944root 11241100x80000000000000004020206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316d9e5d8247f65d2021-12-22 12:44:43.944root 11241100x80000000000000004020207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2500e36926679afa2021-12-22 12:44:43.944root 11241100x80000000000000004020208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a6817fdd6abbaa2021-12-22 12:44:43.944root 11241100x80000000000000004020209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33eee3e5d69ed2e2021-12-22 12:44:43.945root 11241100x80000000000000004020210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ad1b5430c3f6a42021-12-22 12:44:43.945root 11241100x80000000000000004020211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cf1ca19582de8b2021-12-22 12:44:43.945root 11241100x80000000000000004020212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca662fcaa54fec12021-12-22 12:44:43.945root 11241100x80000000000000004020213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab48f80916a6581c2021-12-22 12:44:43.945root 11241100x80000000000000004020214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f08df8a3f7b74252021-12-22 12:44:43.945root 11241100x80000000000000004020215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c2d5354d8704272021-12-22 12:44:43.945root 11241100x80000000000000004020216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b2bc1fb609d8d82021-12-22 12:44:43.945root 11241100x80000000000000004020217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc98b5286173a3f2021-12-22 12:44:43.946root 11241100x80000000000000004020218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52ff66e8879bc692021-12-22 12:44:43.946root 11241100x80000000000000004020219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8333b9271ba086662021-12-22 12:44:43.946root 11241100x80000000000000004020220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92047f7fbe3845502021-12-22 12:44:43.947root 354300x80000000000000004020221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.160{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56846-false10.0.1.12-8000- 11241100x80000000000000004020222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8400b93e29ab80622021-12-22 12:44:44.443root 11241100x80000000000000004020223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c17119d6d9ec582021-12-22 12:44:44.443root 11241100x80000000000000004020224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026d73609e8e92642021-12-22 12:44:44.443root 11241100x80000000000000004020225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f454277cf4fcdf222021-12-22 12:44:44.443root 11241100x80000000000000004020226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b78b0e3eb418bf2021-12-22 12:44:44.444root 11241100x80000000000000004020227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250460188a960c0a2021-12-22 12:44:44.444root 11241100x80000000000000004020228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a858288663d531b32021-12-22 12:44:44.444root 11241100x80000000000000004020229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811be85d45c6be4e2021-12-22 12:44:44.444root 11241100x80000000000000004020230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b200d77e12e625352021-12-22 12:44:44.444root 11241100x80000000000000004020231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf389e0baa6eea32021-12-22 12:44:44.444root 11241100x80000000000000004020232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4fb161100bec5d2021-12-22 12:44:44.444root 11241100x80000000000000004020233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3415a1663540b90f2021-12-22 12:44:44.444root 11241100x80000000000000004020234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e408242e12d00d2021-12-22 12:44:44.444root 11241100x80000000000000004020235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c237da190c78c6d2021-12-22 12:44:44.444root 11241100x80000000000000004020236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c665de864b6c93462021-12-22 12:44:44.444root 11241100x80000000000000004020237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb484c4b012280c2021-12-22 12:44:44.444root 11241100x80000000000000004020238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103aa1152b3ee6d72021-12-22 12:44:44.444root 11241100x80000000000000004020239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5661a20317603b2021-12-22 12:44:44.444root 11241100x80000000000000004020240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4d172141d7339d2021-12-22 12:44:44.445root 11241100x80000000000000004020241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f2e3ed866043462021-12-22 12:44:44.445root 11241100x80000000000000004020242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a096ef2a37f85b2021-12-22 12:44:44.445root 11241100x80000000000000004020243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea3963aec3dd3392021-12-22 12:44:44.445root 11241100x80000000000000004020244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b16be8bdcc19b82021-12-22 12:44:44.445root 11241100x80000000000000004020245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f2928fc24d59392021-12-22 12:44:44.943root 11241100x80000000000000004020246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01acc8e3339c5f62021-12-22 12:44:44.943root 11241100x80000000000000004020247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9a46fd48bbb6082021-12-22 12:44:44.943root 11241100x80000000000000004020248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bf7190021128f12021-12-22 12:44:44.943root 11241100x80000000000000004020249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708977408a5bc2442021-12-22 12:44:44.944root 11241100x80000000000000004020250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cbc27aaaf440f02021-12-22 12:44:44.944root 11241100x80000000000000004020251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6958a3e438a3e2d2021-12-22 12:44:44.944root 11241100x80000000000000004020252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4603d441b1607f582021-12-22 12:44:44.944root 11241100x80000000000000004020253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae5d535c3e05e9e2021-12-22 12:44:44.944root 11241100x80000000000000004020254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2499e518b98cf7982021-12-22 12:44:44.944root 11241100x80000000000000004020255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7585de022301460d2021-12-22 12:44:44.945root 11241100x80000000000000004020256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c94a9904179d2f2021-12-22 12:44:44.945root 11241100x80000000000000004020257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4297286520b186692021-12-22 12:44:44.945root 11241100x80000000000000004020258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13109433ba5e226b2021-12-22 12:44:44.945root 11241100x80000000000000004020259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16dec7f6f34535a2021-12-22 12:44:44.945root 11241100x80000000000000004020260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d791e8562f1c95022021-12-22 12:44:44.945root 11241100x80000000000000004020261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ceb3ad968492952021-12-22 12:44:44.945root 11241100x80000000000000004020262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a79044511ea14b2021-12-22 12:44:44.946root 11241100x80000000000000004020263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ead9524e1b14d32021-12-22 12:44:44.946root 11241100x80000000000000004020264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef74ce77bfc95e52021-12-22 12:44:44.946root 11241100x80000000000000004020265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6a5d94a9c121f32021-12-22 12:44:44.946root 11241100x80000000000000004020266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52da656d3549d70e2021-12-22 12:44:44.946root 11241100x80000000000000004020267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d18d84ee345573f2021-12-22 12:44:44.947root 11241100x80000000000000004020268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19701a2a7f70c8ef2021-12-22 12:44:45.442root 11241100x80000000000000004020269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319e86d2abc6e49a2021-12-22 12:44:45.443root 11241100x80000000000000004020270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b4761e92614bba2021-12-22 12:44:45.443root 11241100x80000000000000004020271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700d3ba11416fcca2021-12-22 12:44:45.443root 11241100x80000000000000004020272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2090631cc0a397cb2021-12-22 12:44:45.443root 11241100x80000000000000004020273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddf9506980d73382021-12-22 12:44:45.443root 11241100x80000000000000004020274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5c34a1e841d97c2021-12-22 12:44:45.444root 11241100x80000000000000004020275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0502728941cc132021-12-22 12:44:45.444root 11241100x80000000000000004020276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0651589240fc98782021-12-22 12:44:45.444root 11241100x80000000000000004020277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661f222f36274fc42021-12-22 12:44:45.444root 11241100x80000000000000004020278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7697715f1581e82021-12-22 12:44:45.444root 11241100x80000000000000004020279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293de262d06cff7a2021-12-22 12:44:45.444root 11241100x80000000000000004020280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc420bca7fef5782021-12-22 12:44:45.444root 11241100x80000000000000004020281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002fe7735d5b06062021-12-22 12:44:45.445root 11241100x80000000000000004020282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68259a055bbcabd52021-12-22 12:44:45.445root 11241100x80000000000000004020283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d93ad10c39085c2021-12-22 12:44:45.445root 11241100x80000000000000004020284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ecb3733f305c402021-12-22 12:44:45.445root 11241100x80000000000000004020285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48b4f14377889442021-12-22 12:44:45.445root 11241100x80000000000000004020286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0497be4ed07dc90b2021-12-22 12:44:45.445root 11241100x80000000000000004020287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abebae996ca3d72d2021-12-22 12:44:45.445root 11241100x80000000000000004020288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c59ce6a6c5433e82021-12-22 12:44:45.446root 11241100x80000000000000004020289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38262395d88904a32021-12-22 12:44:45.446root 11241100x80000000000000004020290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20ab3cd576265d02021-12-22 12:44:45.446root 11241100x80000000000000004020291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1555ca3a07f015352021-12-22 12:44:45.446root 11241100x80000000000000004020292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b60cba6f5d10f442021-12-22 12:44:45.446root 11241100x80000000000000004020293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e92ab04cb2e5c32021-12-22 12:44:45.943root 11241100x80000000000000004020294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a979516771028a2a2021-12-22 12:44:45.943root 11241100x80000000000000004020295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5399afcb1ed2f492021-12-22 12:44:45.943root 11241100x80000000000000004020296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c95cb45964d29a42021-12-22 12:44:45.943root 11241100x80000000000000004020297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93c7674eff14db32021-12-22 12:44:45.943root 11241100x80000000000000004020298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909110aa313190ee2021-12-22 12:44:45.944root 11241100x80000000000000004020299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bc18f144ff5ce82021-12-22 12:44:45.944root 11241100x80000000000000004020300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4a624c2d4fd6872021-12-22 12:44:45.944root 11241100x80000000000000004020301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf840b9d92308cc2021-12-22 12:44:45.944root 11241100x80000000000000004020302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0496775fa72cb89c2021-12-22 12:44:45.944root 11241100x80000000000000004020303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720175972322352e2021-12-22 12:44:45.944root 11241100x80000000000000004020304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec9c4b7ed33e0252021-12-22 12:44:45.944root 11241100x80000000000000004020305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3637212e1db430fc2021-12-22 12:44:45.944root 11241100x80000000000000004020306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3306e2d51dacf562021-12-22 12:44:45.945root 11241100x80000000000000004020307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd843b1b548abec2021-12-22 12:44:45.945root 11241100x80000000000000004020308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522fb96290f6d3ab2021-12-22 12:44:45.945root 11241100x80000000000000004020309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065e8990524d1b682021-12-22 12:44:45.945root 11241100x80000000000000004020310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89d1c03f3098a6a2021-12-22 12:44:45.945root 11241100x80000000000000004020311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbf7673c2c24b802021-12-22 12:44:45.945root 11241100x80000000000000004020312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1093e7cbd1a5722d2021-12-22 12:44:45.945root 11241100x80000000000000004020313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd93c0c09fc1a4c2021-12-22 12:44:45.945root 11241100x80000000000000004020314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfc9b96956377b22021-12-22 12:44:45.945root 11241100x80000000000000004020315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6727edfb022554662021-12-22 12:44:45.945root 11241100x80000000000000004020316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21826af082bda042021-12-22 12:44:46.443root 11241100x80000000000000004020317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49514a426671b05e2021-12-22 12:44:46.443root 11241100x80000000000000004020318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8886513d27c0582021-12-22 12:44:46.443root 11241100x80000000000000004020319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42cd4f26a3945792021-12-22 12:44:46.443root 11241100x80000000000000004020320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bd4ddc8fb4521a2021-12-22 12:44:46.444root 11241100x80000000000000004020321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6424d4bafcc79df12021-12-22 12:44:46.444root 11241100x80000000000000004020322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b618cf4b7eea8a2e2021-12-22 12:44:46.444root 11241100x80000000000000004020323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5941d4b9a14d7762021-12-22 12:44:46.444root 11241100x80000000000000004020324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594d8fbabfdef9282021-12-22 12:44:46.444root 11241100x80000000000000004020325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245ed94db55c520d2021-12-22 12:44:46.445root 11241100x80000000000000004020326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e44de3d5b5951202021-12-22 12:44:46.445root 11241100x80000000000000004020327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fdfc2ff0e5a78c2021-12-22 12:44:46.446root 11241100x80000000000000004020328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435d0e4c262feabc2021-12-22 12:44:46.447root 11241100x80000000000000004020329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03399051caef72852021-12-22 12:44:46.447root 11241100x80000000000000004020330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7ed8cfb23464d82021-12-22 12:44:46.447root 11241100x80000000000000004020331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d41f0c5f3176532021-12-22 12:44:46.448root 11241100x80000000000000004020332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440b00f50ac0247c2021-12-22 12:44:46.448root 11241100x80000000000000004020333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566ee9414b9de1592021-12-22 12:44:46.448root 11241100x80000000000000004020334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71e2689bcd4c7052021-12-22 12:44:46.448root 11241100x80000000000000004020335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f99e9a5398705e2021-12-22 12:44:46.448root 11241100x80000000000000004020336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28d9315db9b45c92021-12-22 12:44:46.449root 11241100x80000000000000004020337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a4181a61a089302021-12-22 12:44:46.449root 11241100x80000000000000004020338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d2a57d71b9bdf32021-12-22 12:44:46.449root 11241100x80000000000000004020339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a7ddc86afa7e892021-12-22 12:44:46.943root 11241100x80000000000000004020340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3baad80f3f2466f2021-12-22 12:44:46.943root 11241100x80000000000000004020341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11fa304c719133b2021-12-22 12:44:46.943root 11241100x80000000000000004020342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4921caf8e541175d2021-12-22 12:44:46.943root 11241100x80000000000000004020343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c23c182d1d1517e2021-12-22 12:44:46.943root 11241100x80000000000000004020344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e85e4a647964f192021-12-22 12:44:46.943root 11241100x80000000000000004020345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dca15db4139c1c92021-12-22 12:44:46.943root 11241100x80000000000000004020346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b47c608383c54a2021-12-22 12:44:46.944root 11241100x80000000000000004020347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ecd4c0c666f7152021-12-22 12:44:46.944root 11241100x80000000000000004020348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e0ce38677a6ad22021-12-22 12:44:46.944root 11241100x80000000000000004020349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09803c69caec99002021-12-22 12:44:46.944root 11241100x80000000000000004020350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0804593b01e0e0a2021-12-22 12:44:46.944root 11241100x80000000000000004020351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc62e88cbf90876e2021-12-22 12:44:46.945root 11241100x80000000000000004020352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b75aea082abad62021-12-22 12:44:46.945root 11241100x80000000000000004020353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73181f693b3ed5502021-12-22 12:44:46.945root 11241100x80000000000000004020354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547fcc0dc9116b082021-12-22 12:44:46.946root 11241100x80000000000000004020355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ae8740904956d62021-12-22 12:44:46.946root 11241100x80000000000000004020356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5584d673de40f2462021-12-22 12:44:46.947root 11241100x80000000000000004020357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301f1d52e11dc42a2021-12-22 12:44:46.947root 11241100x80000000000000004020358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11df7b37708f7e22021-12-22 12:44:46.947root 11241100x80000000000000004020359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc341e1daa2c9f8d2021-12-22 12:44:46.947root 11241100x80000000000000004020360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bf09fa27a7c6b12021-12-22 12:44:46.948root 11241100x80000000000000004020361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbdfa5b9dc055682021-12-22 12:44:46.948root 11241100x80000000000000004020362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2878eccf9e4c7d2021-12-22 12:44:46.948root 11241100x80000000000000004020363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7105eebea1a5772021-12-22 12:44:46.949root 11241100x80000000000000004020364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030f4be696561d5a2021-12-22 12:44:46.949root 11241100x80000000000000004020365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c44ff0c66d7fd252021-12-22 12:44:46.949root 11241100x80000000000000004020366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2182772f484c5722021-12-22 12:44:46.949root 11241100x80000000000000004020367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:46.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9687b30aa72c3add2021-12-22 12:44:46.950root 11241100x80000000000000004020368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11045edbcc8fba042021-12-22 12:44:47.443root 11241100x80000000000000004020369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc0a7f202e575572021-12-22 12:44:47.444root 11241100x80000000000000004020370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c59d90da30908f2021-12-22 12:44:47.444root 11241100x80000000000000004020371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc7341329c2ad382021-12-22 12:44:47.444root 11241100x80000000000000004020372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ed1e624ca0814b2021-12-22 12:44:47.444root 11241100x80000000000000004020373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059bc82affd1a5f02021-12-22 12:44:47.445root 11241100x80000000000000004020374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7722a0d00d13fc532021-12-22 12:44:47.445root 11241100x80000000000000004020375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bc4e14e358403d2021-12-22 12:44:47.445root 11241100x80000000000000004020376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062a23d197ad4f182021-12-22 12:44:47.445root 11241100x80000000000000004020377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2716a86a78f505a82021-12-22 12:44:47.445root 11241100x80000000000000004020378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e82c2648bd7bb52021-12-22 12:44:47.445root 11241100x80000000000000004020379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747c67f10890c4a22021-12-22 12:44:47.445root 11241100x80000000000000004020380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7c5ce2c84b6cda2021-12-22 12:44:47.446root 11241100x80000000000000004020381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b256b6769a9a3d602021-12-22 12:44:47.446root 11241100x80000000000000004020382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f366c897b4b6fb2021-12-22 12:44:47.446root 11241100x80000000000000004020383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743efce546a57cc72021-12-22 12:44:47.446root 11241100x80000000000000004020384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a13b34da1f0eca52021-12-22 12:44:47.446root 11241100x80000000000000004020385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fc56c918dd30ae2021-12-22 12:44:47.446root 11241100x80000000000000004020386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62443f096f30af2c2021-12-22 12:44:47.447root 11241100x80000000000000004020387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cc1927c84ca8ef2021-12-22 12:44:47.447root 11241100x80000000000000004020388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3508dcc335707a3e2021-12-22 12:44:47.447root 11241100x80000000000000004020389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f836fb145ba3f4a2021-12-22 12:44:47.447root 11241100x80000000000000004020390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3880efbc270613162021-12-22 12:44:47.447root 11241100x80000000000000004020391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d3d0cedf031e5b2021-12-22 12:44:47.943root 11241100x80000000000000004020392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483fd6a63c1f685f2021-12-22 12:44:47.943root 11241100x80000000000000004020393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a5a993f55e1aa92021-12-22 12:44:47.943root 11241100x80000000000000004020394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de021f46629197e82021-12-22 12:44:47.943root 11241100x80000000000000004020395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e85921aca05ec492021-12-22 12:44:47.943root 11241100x80000000000000004020396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b8ca77dcdaa48a2021-12-22 12:44:47.944root 11241100x80000000000000004020397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8530cd16d8dcdd2021-12-22 12:44:47.944root 11241100x80000000000000004020398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bdf5bc1f0d69982021-12-22 12:44:47.944root 11241100x80000000000000004020399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa355f76f33d9832021-12-22 12:44:47.944root 11241100x80000000000000004020400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11819c8dec3244a12021-12-22 12:44:47.944root 11241100x80000000000000004020401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7e3fe5e8c1833c2021-12-22 12:44:47.944root 11241100x80000000000000004020402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091b7e496c5bf8812021-12-22 12:44:47.944root 11241100x80000000000000004020403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a53dc49416594542021-12-22 12:44:47.944root 11241100x80000000000000004020404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba6a6e631d5b19d2021-12-22 12:44:47.945root 11241100x80000000000000004020405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5297c306abedd832021-12-22 12:44:47.945root 11241100x80000000000000004020406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d7447416994bb62021-12-22 12:44:47.945root 11241100x80000000000000004020407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453a51c85e0e95ee2021-12-22 12:44:47.945root 11241100x80000000000000004020408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a0c765617cf6382021-12-22 12:44:47.945root 11241100x80000000000000004020409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ee15a50253744a2021-12-22 12:44:47.945root 11241100x80000000000000004020410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93ac7e62a179f772021-12-22 12:44:47.946root 11241100x80000000000000004020411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc41baca4c0bdaf2021-12-22 12:44:47.946root 11241100x80000000000000004020412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3b64458674322f2021-12-22 12:44:47.946root 11241100x80000000000000004020413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a1c80eae77c63b2021-12-22 12:44:47.946root 11241100x80000000000000004020414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0517db5782a7da192021-12-22 12:44:47.946root 11241100x80000000000000004020415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5532eb2b871d3d2f2021-12-22 12:44:47.947root 11241100x80000000000000004020416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8340f0242ddd23942021-12-22 12:44:47.947root 11241100x80000000000000004020417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c5da8caae8913c2021-12-22 12:44:48.443root 11241100x80000000000000004020418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca3316695d0a8652021-12-22 12:44:48.443root 11241100x80000000000000004020419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a0162c124eb7922021-12-22 12:44:48.443root 11241100x80000000000000004020420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c72377b14c0f7772021-12-22 12:44:48.443root 11241100x80000000000000004020421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24336a7a61e0c1902021-12-22 12:44:48.443root 11241100x80000000000000004020422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de89e5a386381952021-12-22 12:44:48.443root 11241100x80000000000000004020423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94de589d3f4a45082021-12-22 12:44:48.443root 11241100x80000000000000004020424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0955695a34badc8c2021-12-22 12:44:48.444root 11241100x80000000000000004020425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b4651bd0e00f032021-12-22 12:44:48.444root 11241100x80000000000000004020426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51e93a1561c82b92021-12-22 12:44:48.444root 11241100x80000000000000004020427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eac989505b85c832021-12-22 12:44:48.444root 11241100x80000000000000004020428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b2ad193756e7c62021-12-22 12:44:48.444root 11241100x80000000000000004020429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e056af6cc440c6f2021-12-22 12:44:48.444root 11241100x80000000000000004020430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a757de2c082feb72021-12-22 12:44:48.444root 11241100x80000000000000004020431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bef032e6a789f632021-12-22 12:44:48.445root 11241100x80000000000000004020432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c540443fb79a072021-12-22 12:44:48.445root 11241100x80000000000000004020433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbaa8c0b001febc2021-12-22 12:44:48.445root 11241100x80000000000000004020434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d841e943b24906a2021-12-22 12:44:48.445root 11241100x80000000000000004020435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5818f2a1aabf7a02021-12-22 12:44:48.445root 11241100x80000000000000004020436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bcc8172d4bf398b2021-12-22 12:44:48.445root 11241100x80000000000000004020437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717f3981d79b37442021-12-22 12:44:48.446root 11241100x80000000000000004020438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473d222378590a882021-12-22 12:44:48.446root 11241100x80000000000000004020439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6c4840f9a0eb872021-12-22 12:44:48.446root 11241100x80000000000000004020440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd0dc7b81e050692021-12-22 12:44:48.943root 11241100x80000000000000004020441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a0fe57669cce262021-12-22 12:44:48.943root 11241100x80000000000000004020442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f1f5108ee2978e2021-12-22 12:44:48.943root 11241100x80000000000000004020443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a50683a3d730072021-12-22 12:44:48.943root 11241100x80000000000000004020444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076f7dde6f09c9192021-12-22 12:44:48.944root 11241100x80000000000000004020445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c304c6de5e26849c2021-12-22 12:44:48.944root 11241100x80000000000000004020446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edfd389fd44aeb42021-12-22 12:44:48.944root 11241100x80000000000000004020447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970ee0e8ea8a8fac2021-12-22 12:44:48.944root 11241100x80000000000000004020448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d33d41d3da740a42021-12-22 12:44:48.944root 11241100x80000000000000004020449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9c9b7668d679fb2021-12-22 12:44:48.944root 11241100x80000000000000004020450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74da53b320ce5d342021-12-22 12:44:48.944root 11241100x80000000000000004020451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654d69fdb727f26c2021-12-22 12:44:48.944root 11241100x80000000000000004020452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db738408845993d2021-12-22 12:44:48.944root 11241100x80000000000000004020453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98688c0e1acfd942021-12-22 12:44:48.944root 11241100x80000000000000004020454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb290e064e54cbf82021-12-22 12:44:48.944root 11241100x80000000000000004020455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bf9fdafb0d41882021-12-22 12:44:48.945root 11241100x80000000000000004020456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101c395deec90c562021-12-22 12:44:48.945root 11241100x80000000000000004020457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285d920b786009642021-12-22 12:44:48.945root 11241100x80000000000000004020458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293a29530acdfd722021-12-22 12:44:48.945root 11241100x80000000000000004020459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300486160c9f5b1b2021-12-22 12:44:48.945root 11241100x80000000000000004020460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ff00e5495e72d22021-12-22 12:44:48.945root 11241100x80000000000000004020461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04b78a06a7d9dea2021-12-22 12:44:48.945root 11241100x80000000000000004020462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e17a09dc54b5b302021-12-22 12:44:48.945root 354300x80000000000000004020463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.244{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56848-false10.0.1.12-8000- 11241100x80000000000000004020464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbb6f6eb774e36e2021-12-22 12:44:49.245root 11241100x80000000000000004020465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48594bfad8b4b0032021-12-22 12:44:49.245root 11241100x80000000000000004020466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73fbb1cb4c50f6c2021-12-22 12:44:49.245root 11241100x80000000000000004020467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc9f63b87d862162021-12-22 12:44:49.245root 11241100x80000000000000004020468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ded878555b03ee2021-12-22 12:44:49.245root 11241100x80000000000000004020469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68458cb491cffcc62021-12-22 12:44:49.245root 11241100x80000000000000004020470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60763b741881f32e2021-12-22 12:44:49.246root 11241100x80000000000000004020471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca3b36a7a9459512021-12-22 12:44:49.246root 11241100x80000000000000004020472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c35c994093505f62021-12-22 12:44:49.246root 11241100x80000000000000004020473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f37db8bb14b7f72021-12-22 12:44:49.246root 11241100x80000000000000004020474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abc5e6f99e0f1d52021-12-22 12:44:49.246root 11241100x80000000000000004020475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7b473bcffeb6d52021-12-22 12:44:49.246root 11241100x80000000000000004020476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6749de07429197f02021-12-22 12:44:49.246root 11241100x80000000000000004020477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a2e11645aff1852021-12-22 12:44:49.246root 11241100x80000000000000004020478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac4bec991638aac2021-12-22 12:44:49.246root 11241100x80000000000000004020479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576aa916509281872021-12-22 12:44:49.246root 11241100x80000000000000004020480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2431275addeb4a52021-12-22 12:44:49.247root 11241100x80000000000000004020481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1808303288dc9a3e2021-12-22 12:44:49.247root 11241100x80000000000000004020482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804162cd4de61c502021-12-22 12:44:49.247root 11241100x80000000000000004020483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c80401d79a22442021-12-22 12:44:49.247root 11241100x80000000000000004020484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb7ef5f58b556c72021-12-22 12:44:49.247root 11241100x80000000000000004020485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985a9afd321b57a72021-12-22 12:44:49.247root 11241100x80000000000000004020486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bf71b516bebe4b2021-12-22 12:44:49.247root 11241100x80000000000000004020487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a1057f7d6bbd402021-12-22 12:44:49.247root 11241100x80000000000000004020488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b217d1f34193a662021-12-22 12:44:49.693root 11241100x80000000000000004020489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ddac5bee9e9e332021-12-22 12:44:49.693root 11241100x80000000000000004020490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97796c840db8ecd72021-12-22 12:44:49.694root 11241100x80000000000000004020491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf55c146a9837ae2021-12-22 12:44:49.694root 11241100x80000000000000004020492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc673fbef0ba8e822021-12-22 12:44:49.694root 11241100x80000000000000004020493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b348c00456d5a3472021-12-22 12:44:49.694root 11241100x80000000000000004020494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86849ec650515ca12021-12-22 12:44:49.694root 11241100x80000000000000004020495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a8e1103b12de5e2021-12-22 12:44:49.694root 11241100x80000000000000004020496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6720f3f3ebac6e392021-12-22 12:44:49.694root 11241100x80000000000000004020497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdedc2b10fb82572021-12-22 12:44:49.694root 11241100x80000000000000004020498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea86b023ce2722062021-12-22 12:44:49.694root 11241100x80000000000000004020499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7010c01d524e15832021-12-22 12:44:49.695root 11241100x80000000000000004020500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552da7554b2d05862021-12-22 12:44:49.695root 11241100x80000000000000004020501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde8ae494bf133622021-12-22 12:44:49.695root 11241100x80000000000000004020502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae42efd994984a42021-12-22 12:44:49.695root 11241100x80000000000000004020503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1159d9002e176c2021-12-22 12:44:49.695root 11241100x80000000000000004020504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d699e4d30962052021-12-22 12:44:49.695root 11241100x80000000000000004020505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ed911910133dab2021-12-22 12:44:49.695root 11241100x80000000000000004020506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625214372a5ebe8b2021-12-22 12:44:49.695root 11241100x80000000000000004020507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe4508691fe846c2021-12-22 12:44:49.695root 11241100x80000000000000004020508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133e25bd4ec1c2602021-12-22 12:44:49.695root 11241100x80000000000000004020509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6900488f8ff49d2021-12-22 12:44:49.696root 11241100x80000000000000004020510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3f10c0fa2d903a2021-12-22 12:44:49.696root 11241100x80000000000000004020511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8061c2ebfe84fa482021-12-22 12:44:49.696root 154100x80000000000000004020512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.787{ec2b6afe-1dc1-61c3-507d-1a7fa8550000}22712/bin/kmod-----insmod rootkit.ko/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 534500x80000000000000004020513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:49.788{ec2b6afe-1dc1-61c3-507d-1a7fa8550000}22712/bin/kmodubuntu 11241100x80000000000000004020514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac949c7d468f7a92021-12-22 12:44:50.193root 11241100x80000000000000004020515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9abe6e04e9753402021-12-22 12:44:50.193root 11241100x80000000000000004020516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f89f12a534cee92021-12-22 12:44:50.194root 11241100x80000000000000004020517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83609c3417348cbe2021-12-22 12:44:50.194root 11241100x80000000000000004020518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aee9bc0a6adeb312021-12-22 12:44:50.194root 11241100x80000000000000004020519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68acc3dbb6326962021-12-22 12:44:50.194root 11241100x80000000000000004020520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220be34c2d7c2deb2021-12-22 12:44:50.195root 11241100x80000000000000004020521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b1b31f6060ba1e2021-12-22 12:44:50.195root 11241100x80000000000000004020522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42fc4e986291cb72021-12-22 12:44:50.195root 11241100x80000000000000004020523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18399dd9fc0d2a7b2021-12-22 12:44:50.195root 11241100x80000000000000004020524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0322c9ed4d003df32021-12-22 12:44:50.195root 11241100x80000000000000004020525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331153a8835a58732021-12-22 12:44:50.196root 11241100x80000000000000004020526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15a8d20fd665b122021-12-22 12:44:50.196root 11241100x80000000000000004020527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054a3f97cae859782021-12-22 12:44:50.196root 11241100x80000000000000004020528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1442577522ba7a972021-12-22 12:44:50.196root 11241100x80000000000000004020529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a40ca2ad6698f5d2021-12-22 12:44:50.196root 11241100x80000000000000004020530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3219920bb638b9402021-12-22 12:44:50.196root 11241100x80000000000000004020531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08b2baa362c11872021-12-22 12:44:50.196root 11241100x80000000000000004020532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa942b6745ede6d2021-12-22 12:44:50.196root 11241100x80000000000000004020533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5999b9ecf945cde72021-12-22 12:44:50.196root 11241100x80000000000000004020534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72507f69045ab3362021-12-22 12:44:50.196root 11241100x80000000000000004020535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d700a090276f531c2021-12-22 12:44:50.196root 11241100x80000000000000004020536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5f0c8922611c6d2021-12-22 12:44:50.197root 11241100x80000000000000004020537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12cec991674e69d2021-12-22 12:44:50.197root 11241100x80000000000000004020538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a482d61a0b728c802021-12-22 12:44:50.197root 11241100x80000000000000004020539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af25ed3c82c13042021-12-22 12:44:50.197root 11241100x80000000000000004020540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd015f17b4401c3b2021-12-22 12:44:50.693root 11241100x80000000000000004020541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aca68007d4e321a2021-12-22 12:44:50.693root 11241100x80000000000000004020542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7911cfbd4d2220962021-12-22 12:44:50.694root 11241100x80000000000000004020543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2f771c4cdfbaf22021-12-22 12:44:50.694root 11241100x80000000000000004020544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bc9f34935bf03d2021-12-22 12:44:50.694root 11241100x80000000000000004020545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d055db855df89f1e2021-12-22 12:44:50.694root 11241100x80000000000000004020546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b671cd999fea772021-12-22 12:44:50.694root 11241100x80000000000000004020547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9845ed26047e05d82021-12-22 12:44:50.694root 11241100x80000000000000004020548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0221f58fd58f7e322021-12-22 12:44:50.694root 11241100x80000000000000004020549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69b9a4d39635d0b2021-12-22 12:44:50.694root 11241100x80000000000000004020550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a5b20a7d9a79562021-12-22 12:44:50.694root 11241100x80000000000000004020551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23711da570e5f64f2021-12-22 12:44:50.694root 11241100x80000000000000004020552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23568a4856983bf12021-12-22 12:44:50.694root 11241100x80000000000000004020553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bede9375f88cb62021-12-22 12:44:50.694root 11241100x80000000000000004020554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bceb5871c2d511c2021-12-22 12:44:50.694root 11241100x80000000000000004020555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1cb3dcb7c2e1392021-12-22 12:44:50.694root 11241100x80000000000000004020556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a01a3e79c9569c52021-12-22 12:44:50.694root 11241100x80000000000000004020557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59461bc797c0a982021-12-22 12:44:50.695root 11241100x80000000000000004020558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df1dcd78226ff3d2021-12-22 12:44:50.695root 11241100x80000000000000004020559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ef2a33a86217e92021-12-22 12:44:50.695root 11241100x80000000000000004020560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4aa77e5973d0932021-12-22 12:44:50.695root 11241100x80000000000000004020561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cc3e03906f43072021-12-22 12:44:50.695root 11241100x80000000000000004020562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdba94f1276baae2021-12-22 12:44:50.695root 11241100x80000000000000004020563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedc14d0003ce8d32021-12-22 12:44:50.695root 11241100x80000000000000004020564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a5bdbc5365f24a2021-12-22 12:44:50.695root 11241100x80000000000000004020565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10e5787898f5a542021-12-22 12:44:50.696root 11241100x80000000000000004020566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58be854abf7488d82021-12-22 12:44:51.193root 11241100x80000000000000004020567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19162b02c6f42d2d2021-12-22 12:44:51.193root 11241100x80000000000000004020568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacc873781073f862021-12-22 12:44:51.193root 11241100x80000000000000004020569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ae284a5618841d2021-12-22 12:44:51.194root 11241100x80000000000000004020570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33070bd9b83376132021-12-22 12:44:51.194root 11241100x80000000000000004020571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2cd0d1a47ee5672021-12-22 12:44:51.194root 11241100x80000000000000004020572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559c4ce7a3c2c3422021-12-22 12:44:51.194root 11241100x80000000000000004020573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ddb16d1169f1952021-12-22 12:44:51.194root 11241100x80000000000000004020574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4a5cec728755982021-12-22 12:44:51.194root 11241100x80000000000000004020575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2b3cf8a0bd6a0e2021-12-22 12:44:51.194root 11241100x80000000000000004020576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1018fee76608f35f2021-12-22 12:44:51.194root 11241100x80000000000000004020577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6265a512f2a5712021-12-22 12:44:51.194root 11241100x80000000000000004020578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2ad5288232723a2021-12-22 12:44:51.194root 11241100x80000000000000004020579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f98fb499d92e732021-12-22 12:44:51.194root 11241100x80000000000000004020580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804bb77f5b10c8d22021-12-22 12:44:51.195root 11241100x80000000000000004020581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9b1eeb10e4a1862021-12-22 12:44:51.195root 11241100x80000000000000004020582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60529dd5b83165f92021-12-22 12:44:51.195root 11241100x80000000000000004020583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf0bd3bec08d60e2021-12-22 12:44:51.195root 11241100x80000000000000004020584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6627003cafbb4932021-12-22 12:44:51.195root 11241100x80000000000000004020585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97418a58e4b936ed2021-12-22 12:44:51.195root 11241100x80000000000000004020586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941e36a43bdde5f12021-12-22 12:44:51.195root 11241100x80000000000000004020587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa5534f30c954d12021-12-22 12:44:51.195root 11241100x80000000000000004020588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473a205987c33a1c2021-12-22 12:44:51.196root 11241100x80000000000000004020589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d66d16a07137112021-12-22 12:44:51.196root 11241100x80000000000000004020590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f79c8e88ccfef52021-12-22 12:44:51.196root 11241100x80000000000000004020591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbedce40683ab612021-12-22 12:44:51.196root 11241100x80000000000000004020592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376311a601671b392021-12-22 12:44:51.693root 11241100x80000000000000004020593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6456b762ff5941e12021-12-22 12:44:51.693root 11241100x80000000000000004020594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d6579bb50f82e92021-12-22 12:44:51.694root 11241100x80000000000000004020595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b29628edc301a9e2021-12-22 12:44:51.694root 11241100x80000000000000004020596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed851d16ccaffb62021-12-22 12:44:51.694root 11241100x80000000000000004020597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c505e424c4bd71c22021-12-22 12:44:51.694root 11241100x80000000000000004020598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9ccec7646aae522021-12-22 12:44:51.694root 11241100x80000000000000004020599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210901ad7173d4642021-12-22 12:44:51.694root 11241100x80000000000000004020600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7add3c9b9467be152021-12-22 12:44:51.694root 11241100x80000000000000004020601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ceab5ffed4baca2021-12-22 12:44:51.694root 11241100x80000000000000004020602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d98b0d2d712be392021-12-22 12:44:51.694root 11241100x80000000000000004020603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d91115ccb735cd2021-12-22 12:44:51.694root 11241100x80000000000000004020604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e239101ec30520a12021-12-22 12:44:51.694root 11241100x80000000000000004020605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2ca73117bd331f2021-12-22 12:44:51.694root 11241100x80000000000000004020606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a969e7286d54522021-12-22 12:44:51.694root 11241100x80000000000000004020607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890f29d91ba50c112021-12-22 12:44:51.694root 11241100x80000000000000004020608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf10cc4d8d3a4d22021-12-22 12:44:51.694root 11241100x80000000000000004020609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ec5235fae67d4c2021-12-22 12:44:51.695root 11241100x80000000000000004020610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd59b40d118de4e2021-12-22 12:44:51.695root 11241100x80000000000000004020611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2314985aff3158712021-12-22 12:44:51.695root 11241100x80000000000000004020612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917ced1318d3e0132021-12-22 12:44:51.695root 11241100x80000000000000004020613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f789c126ef5d1bd2021-12-22 12:44:51.695root 11241100x80000000000000004020614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37973320e74979372021-12-22 12:44:51.696root 11241100x80000000000000004020615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6c6a9e0505f89f2021-12-22 12:44:51.696root 11241100x80000000000000004020616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02184c028ac8628d2021-12-22 12:44:51.696root 11241100x80000000000000004020617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa32fdaa73be2a782021-12-22 12:44:51.696root 11241100x80000000000000004020618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d2f121e2d9c9142021-12-22 12:44:52.193root 11241100x80000000000000004020619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b108754252f60bd62021-12-22 12:44:52.193root 11241100x80000000000000004020620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2452342fc4dcb7652021-12-22 12:44:52.194root 11241100x80000000000000004020621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818af2385809d4722021-12-22 12:44:52.194root 11241100x80000000000000004020622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe734fd631e60ed2021-12-22 12:44:52.194root 11241100x80000000000000004020623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c92c1fa9ed89142021-12-22 12:44:52.194root 11241100x80000000000000004020624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9567111a1c92d22021-12-22 12:44:52.194root 11241100x80000000000000004020625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83014289fd9c35432021-12-22 12:44:52.194root 11241100x80000000000000004020626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e249559cebbb5652021-12-22 12:44:52.194root 11241100x80000000000000004020627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83276b528f19d9462021-12-22 12:44:52.194root 11241100x80000000000000004020628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ab780a27d966a62021-12-22 12:44:52.194root 11241100x80000000000000004020629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901fa564c2b682512021-12-22 12:44:52.194root 11241100x80000000000000004020630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cf5d0b278bdc572021-12-22 12:44:52.194root 11241100x80000000000000004020631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1c080dd5bdfb7b2021-12-22 12:44:52.194root 11241100x80000000000000004020632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20777e6313e301e22021-12-22 12:44:52.195root 11241100x80000000000000004020633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fae06b5815f33f2021-12-22 12:44:52.195root 11241100x80000000000000004020634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad56f086be71b83f2021-12-22 12:44:52.195root 11241100x80000000000000004020635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd03b228e48f7b322021-12-22 12:44:52.195root 11241100x80000000000000004020636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6c7e4baeca500f2021-12-22 12:44:52.195root 11241100x80000000000000004020637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72765a4c1f44f52a2021-12-22 12:44:52.195root 11241100x80000000000000004020638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f8eb797130e0fd2021-12-22 12:44:52.195root 11241100x80000000000000004020639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d5414add8247ed2021-12-22 12:44:52.195root 11241100x80000000000000004020640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554125c2dd466e2e2021-12-22 12:44:52.195root 11241100x80000000000000004020641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d19c2e545c89d712021-12-22 12:44:52.196root 11241100x80000000000000004020642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e3dce7a67e4ad62021-12-22 12:44:52.196root 11241100x80000000000000004020643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8dd205d4e28a872021-12-22 12:44:52.196root 11241100x80000000000000004020644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fd119d13a2ef362021-12-22 12:44:52.693root 11241100x80000000000000004020645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3010b9ee5f0e49cf2021-12-22 12:44:52.693root 11241100x80000000000000004020646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e1b4064f7959162021-12-22 12:44:52.693root 11241100x80000000000000004020647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3ba3fef3e1b27e2021-12-22 12:44:52.693root 11241100x80000000000000004020648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b90cc52df47edb32021-12-22 12:44:52.693root 11241100x80000000000000004020649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b07ed5f4e30d91b2021-12-22 12:44:52.694root 11241100x80000000000000004020650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f41904782287062021-12-22 12:44:52.694root 11241100x80000000000000004020651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6f1fc0b2138e4b2021-12-22 12:44:52.694root 11241100x80000000000000004020652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c52ec8e096ed8632021-12-22 12:44:52.694root 11241100x80000000000000004020653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fc3183d2f204e62021-12-22 12:44:52.694root 11241100x80000000000000004020654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b44369cc0dedf4e2021-12-22 12:44:52.695root 11241100x80000000000000004020655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd5b778f75dae092021-12-22 12:44:52.695root 11241100x80000000000000004020656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a96251f7d869ee2021-12-22 12:44:52.695root 11241100x80000000000000004020657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1604cdf97a434b2021-12-22 12:44:52.695root 11241100x80000000000000004020658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12aff12e7a940602021-12-22 12:44:52.695root 11241100x80000000000000004020659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ae9ae1657bce822021-12-22 12:44:52.695root 11241100x80000000000000004020660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a8b981d71aa9e02021-12-22 12:44:52.695root 11241100x80000000000000004020661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537e1af62c22ec212021-12-22 12:44:52.696root 11241100x80000000000000004020662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45dd714732fe74812021-12-22 12:44:52.696root 11241100x80000000000000004020663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8816ea29b250439d2021-12-22 12:44:52.696root 11241100x80000000000000004020664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8882a32d68b45802021-12-22 12:44:52.696root 11241100x80000000000000004020665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980e59125296d61a2021-12-22 12:44:52.696root 11241100x80000000000000004020666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3b4f82ae8653c02021-12-22 12:44:52.696root 11241100x80000000000000004020667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e20ec295194903e2021-12-22 12:44:52.696root 11241100x80000000000000004020668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8035dc0131c628842021-12-22 12:44:52.696root 11241100x80000000000000004020669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3061d39f5c4d69812021-12-22 12:44:52.696root 154100x80000000000000004020670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.886{ec2b6afe-1dc4-61c3-089e-121b51560000}22713/usr/bin/sudo-----sudo insmod rootkit.ko/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 354300x80000000000000004020671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.890{ec2b6afe-1dc4-61c3-089e-121b51560000}22713/usr/bin/sudoubuntuudptruefalse127.0.0.1-47573-false127.0.0.53-53- 354300x80000000000000004020672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.890{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-51370-false10.0.0.2-53- 354300x80000000000000004020673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.890{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-37943-false10.0.0.2-53- 354300x80000000000000004020674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.893{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-47573- 354300x80000000000000004020675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.893{ec2b6afe-1dc4-61c3-089e-121b51560000}22713/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-52750- 354300x80000000000000004020676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.893{ec2b6afe-1dc4-61c3-089e-121b51560000}22713/usr/bin/sudoubuntuudptruefalse127.0.0.1-52750-false127.0.0.53-53- 354300x80000000000000004020677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.893{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-52750- 154100x80000000000000004020678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.896{ec2b6afe-1dc4-61c3-50cd-dc9663550000}22714/bin/kmod-----insmod rootkit.ko/home/ubuntu/rootkit_testroot{ec2b6afe-0000-0000-0000-000000000000}033no level-{ec2b6afe-1dc4-61c3-089e-121b51560000}22713/usr/bin/sudosudoubuntu 11241100x80000000000000004020679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.900{ec2b6afe-9233-61c1-b8ed-5a3378550000}473/lib/systemd/systemd-udevd/run/udev/queue2021-12-22 12:44:52.900root 534500x80000000000000004020680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.900{ec2b6afe-1dc4-61c3-50cd-dc9663550000}22714/bin/kmodroot 534500x80000000000000004020681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.901{ec2b6afe-1dc4-61c3-089e-121b51560000}22713/usr/bin/sudoroot 23542300x80000000000000004020682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.902{ec2b6afe-9233-61c1-b8ed-5a3378550000}473root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000004020683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:52.903{ec2b6afe-1d38-61c3-0000-000000000000}22715-root 11241100x80000000000000004020684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3970bf6697b03c802021-12-22 12:44:53.192root 11241100x80000000000000004020685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df3646436d32c9e2021-12-22 12:44:53.193root 11241100x80000000000000004020686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4b6325afa92bbb2021-12-22 12:44:53.193root 11241100x80000000000000004020687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d9e030c44998e62021-12-22 12:44:53.193root 11241100x80000000000000004020688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601d96922f176b542021-12-22 12:44:53.193root 11241100x80000000000000004020689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e23cdff286fa252021-12-22 12:44:53.193root 11241100x80000000000000004020690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e5d5e5161c87f92021-12-22 12:44:53.193root 11241100x80000000000000004020691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058d3fff33452da72021-12-22 12:44:53.193root 11241100x80000000000000004020692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14db315db312a9092021-12-22 12:44:53.193root 11241100x80000000000000004020693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf145ab3201c04652021-12-22 12:44:53.194root 11241100x80000000000000004020694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76034d83d524e582021-12-22 12:44:53.194root 11241100x80000000000000004020695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f80a6ed1b99c652021-12-22 12:44:53.194root 11241100x80000000000000004020696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79077827833db9b2021-12-22 12:44:53.194root 11241100x80000000000000004020697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e23425ca2396862021-12-22 12:44:53.194root 11241100x80000000000000004020698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b5526231b05c3c2021-12-22 12:44:53.194root 11241100x80000000000000004020699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34e57c209dfaf222021-12-22 12:44:53.194root 11241100x80000000000000004020700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5dd3e12f27851812021-12-22 12:44:53.194root 11241100x80000000000000004020701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9336c94df0e09e2021-12-22 12:44:53.194root 11241100x80000000000000004020702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91319e6b65f7dfa2021-12-22 12:44:53.194root 11241100x80000000000000004020703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ddf399ccf381422021-12-22 12:44:53.194root 11241100x80000000000000004020704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583e8f7694f757f82021-12-22 12:44:53.194root 11241100x80000000000000004020705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64346f9afedfa6742021-12-22 12:44:53.194root 11241100x80000000000000004020706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f7634759f5bd0e2021-12-22 12:44:53.194root 11241100x80000000000000004020707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cd9a156b5b97ec2021-12-22 12:44:53.194root 11241100x80000000000000004020708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee5fe0d9a315e4f2021-12-22 12:44:53.194root 11241100x80000000000000004020709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af3104e92b96c182021-12-22 12:44:53.195root 11241100x80000000000000004020710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a530ecb485b92c32021-12-22 12:44:53.195root 11241100x80000000000000004020711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbf58db07c00af62021-12-22 12:44:53.195root 11241100x80000000000000004020712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fc0ad25919faa92021-12-22 12:44:53.195root 11241100x80000000000000004020713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79753524daa72382021-12-22 12:44:53.195root 11241100x80000000000000004020714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c593b86e36e05fd42021-12-22 12:44:53.195root 11241100x80000000000000004020715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b2aaee0524ebcd2021-12-22 12:44:53.195root 11241100x80000000000000004020716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b2c3937a6357642021-12-22 12:44:53.195root 11241100x80000000000000004020717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819323a456d6d6a22021-12-22 12:44:53.195root 11241100x80000000000000004020718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb6029b5f330dae2021-12-22 12:44:53.196root 11241100x80000000000000004020719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a9d3ab8424bfd02021-12-22 12:44:53.196root 11241100x80000000000000004020720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f736934e9daaf72021-12-22 12:44:53.196root 11241100x80000000000000004020721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e142da23f8aa3c2021-12-22 12:44:53.196root 11241100x80000000000000004020722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fd4a9f0d418b762021-12-22 12:44:53.196root 11241100x80000000000000004020723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169b6993a90da3ed2021-12-22 12:44:53.196root 11241100x80000000000000004020724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a7b27849ad03082021-12-22 12:44:53.196root 11241100x80000000000000004020725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a42cacd6b8275c2021-12-22 12:44:53.196root 11241100x80000000000000004020726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b7af1d5502e0632021-12-22 12:44:53.196root 11241100x80000000000000004020727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f43b77f418b1e12021-12-22 12:44:53.196root 11241100x80000000000000004020728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7792ec1fbe5e202021-12-22 12:44:53.196root 11241100x80000000000000004020729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92a6893db6f59942021-12-22 12:44:53.196root 11241100x80000000000000004020730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbcee0888ef77872021-12-22 12:44:53.197root 11241100x80000000000000004020731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a790bc75f8a80582021-12-22 12:44:53.197root 11241100x80000000000000004020732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa139151fa76c222021-12-22 12:44:53.197root 11241100x80000000000000004020733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10717eaa24cce5df2021-12-22 12:44:53.197root 11241100x80000000000000004020734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e77fbb8afbf47a22021-12-22 12:44:53.197root 11241100x80000000000000004020735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9fcdf42b63c8882021-12-22 12:44:53.197root 11241100x80000000000000004020736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d02d6b6c4ab8052021-12-22 12:44:53.197root 11241100x80000000000000004020737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44fb6d22b8c18e62021-12-22 12:44:53.197root 11241100x80000000000000004020738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9386eb67b365d27b2021-12-22 12:44:53.197root 11241100x80000000000000004020739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9690ca367588f1d2021-12-22 12:44:53.197root 11241100x80000000000000004020740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23662d20f43c37f2021-12-22 12:44:53.197root 11241100x80000000000000004020741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf75d8539d83dd52021-12-22 12:44:53.197root 11241100x80000000000000004020742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df567d2698a598982021-12-22 12:44:53.197root 11241100x80000000000000004020743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52a2cd173fcc1f72021-12-22 12:44:53.197root 11241100x80000000000000004020744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e402ceabdd359b32021-12-22 12:44:53.197root 11241100x80000000000000004020745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680cef9f0418c1042021-12-22 12:44:53.198root 11241100x80000000000000004020746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d8707d64cbc7f42021-12-22 12:44:53.198root 11241100x80000000000000004020747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57403b4a0f40db0c2021-12-22 12:44:53.198root 11241100x80000000000000004020748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2672b39b8b76f9de2021-12-22 12:44:53.198root 11241100x80000000000000004020749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365002a5ac1a7a912021-12-22 12:44:53.198root 11241100x80000000000000004020750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea93e07771bc9aa2021-12-22 12:44:53.692root 11241100x80000000000000004020751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda5d110d8b1ef492021-12-22 12:44:53.693root 11241100x80000000000000004020752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e407b2c7eb31d0912021-12-22 12:44:53.693root 11241100x80000000000000004020753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c350272ccd8e812021-12-22 12:44:53.693root 11241100x80000000000000004020754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f9922836ce49de2021-12-22 12:44:53.693root 11241100x80000000000000004020755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bfb1c1dc94febd2021-12-22 12:44:53.694root 11241100x80000000000000004020756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dbbec08f8b1c602021-12-22 12:44:53.694root 11241100x80000000000000004020757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf45c2f81d1fc1b2021-12-22 12:44:53.694root 11241100x80000000000000004020758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c223e7d895978b5a2021-12-22 12:44:53.694root 11241100x80000000000000004020759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68287b73b40085742021-12-22 12:44:53.695root 11241100x80000000000000004020760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5de33e91fc77d22021-12-22 12:44:53.695root 11241100x80000000000000004020761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e618d48da3a4806c2021-12-22 12:44:53.695root 11241100x80000000000000004020762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e78ab5652557e62021-12-22 12:44:53.695root 11241100x80000000000000004020763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab15ca286798a15d2021-12-22 12:44:53.696root 11241100x80000000000000004020764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abdf31ae22536902021-12-22 12:44:53.696root 11241100x80000000000000004020765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be5d6e530f073c42021-12-22 12:44:53.696root 11241100x80000000000000004020766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a39e2442ca18622021-12-22 12:44:53.696root 11241100x80000000000000004020767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9b94931f501cee2021-12-22 12:44:53.696root 11241100x80000000000000004020768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5cedf9800c34f02021-12-22 12:44:53.696root 11241100x80000000000000004020769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8960f5b283fbc652021-12-22 12:44:53.696root 11241100x80000000000000004020770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a65eebeb6d926f2021-12-22 12:44:53.696root 11241100x80000000000000004020771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87517fdeac3f33d2021-12-22 12:44:53.697root 11241100x80000000000000004020772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6080b27c68e37a2021-12-22 12:44:53.697root 11241100x80000000000000004020773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ad1622a88b79292021-12-22 12:44:53.697root 11241100x80000000000000004020774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366fc2e57815f0152021-12-22 12:44:53.697root 11241100x80000000000000004020775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca09c7526a29a2602021-12-22 12:44:53.697root 11241100x80000000000000004020776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78d2a930e9bc1db2021-12-22 12:44:53.697root 11241100x80000000000000004020777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28545151206aadf12021-12-22 12:44:53.697root 11241100x80000000000000004020778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbf62d2bb15de812021-12-22 12:44:53.697root 11241100x80000000000000004020779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47964152d36faea12021-12-22 12:44:53.697root 11241100x80000000000000004020780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157a08c95222720a2021-12-22 12:44:53.698root 11241100x80000000000000004020781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ea2848d267b8332021-12-22 12:44:53.698root 11241100x80000000000000004020782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d6a26cb0a089f12021-12-22 12:44:53.698root 11241100x80000000000000004020783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5295c094fa667d072021-12-22 12:44:53.698root 11241100x80000000000000004020784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa51ff9c145fc4e92021-12-22 12:44:53.698root 11241100x80000000000000004020785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5d093276c94b632021-12-22 12:44:53.698root 11241100x80000000000000004020786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203c8c17b074c96a2021-12-22 12:44:53.698root 11241100x80000000000000004020787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e24848c2ce9f2d2021-12-22 12:44:53.698root 11241100x80000000000000004020788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c7d6da18c43f1e2021-12-22 12:44:53.698root 11241100x80000000000000004020789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853eb792854f32f92021-12-22 12:44:53.699root 11241100x80000000000000004020790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c74eeea2af621382021-12-22 12:44:53.699root 11241100x80000000000000004020791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a213abda0f4cee2021-12-22 12:44:53.699root 11241100x80000000000000004020792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa44a670f9d01fa2021-12-22 12:44:53.699root 11241100x80000000000000004020793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61af8aeab57dffe2021-12-22 12:44:53.699root 11241100x80000000000000004020794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47f25945726a2802021-12-22 12:44:53.699root 11241100x80000000000000004020795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:53.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729652c57595db082021-12-22 12:44:53.699root 11241100x80000000000000004020796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d75db56e9475a72021-12-22 12:44:54.193root 11241100x80000000000000004020797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024444e817c7d5ed2021-12-22 12:44:54.193root 11241100x80000000000000004020798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18b95bd00ccc01e2021-12-22 12:44:54.193root 11241100x80000000000000004020799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39acf6b36a3d25252021-12-22 12:44:54.194root 11241100x80000000000000004020800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a28e711fec2af02021-12-22 12:44:54.194root 11241100x80000000000000004020801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d58d9a23a0b4cba2021-12-22 12:44:54.194root 11241100x80000000000000004020802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b15f28ac09f5e882021-12-22 12:44:54.194root 11241100x80000000000000004020803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff14ba42c2368a202021-12-22 12:44:54.194root 11241100x80000000000000004020804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b48b5a6487e0c6a2021-12-22 12:44:54.194root 11241100x80000000000000004020805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280beb57d46ffdef2021-12-22 12:44:54.194root 11241100x80000000000000004020806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba16c1c9715ca712021-12-22 12:44:54.194root 11241100x80000000000000004020807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90573e3685eeb6572021-12-22 12:44:54.194root 11241100x80000000000000004020808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2169fb1ef19b43d2021-12-22 12:44:54.194root 11241100x80000000000000004020809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82845ad84814ffc72021-12-22 12:44:54.195root 11241100x80000000000000004020810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3647368cbf752d952021-12-22 12:44:54.195root 11241100x80000000000000004020811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d3fa3d17aafe882021-12-22 12:44:54.195root 11241100x80000000000000004020812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab7ea4fbb9ca3562021-12-22 12:44:54.195root 11241100x80000000000000004020813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657212142269474a2021-12-22 12:44:54.195root 11241100x80000000000000004020814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2bb9bbf95dd41b2021-12-22 12:44:54.195root 11241100x80000000000000004020815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33176ba606c4e2192021-12-22 12:44:54.195root 11241100x80000000000000004020816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050554432cc4697a2021-12-22 12:44:54.195root 11241100x80000000000000004020817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b007da65aca6d82021-12-22 12:44:54.196root 11241100x80000000000000004020818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2ab73b43c8e0f62021-12-22 12:44:54.196root 11241100x80000000000000004020819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c11ab743301fc32021-12-22 12:44:54.196root 11241100x80000000000000004020820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb354bbab9c4c6e2021-12-22 12:44:54.196root 11241100x80000000000000004020821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30317357e047d0292021-12-22 12:44:54.196root 11241100x80000000000000004020822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a690f4f96fe86d2021-12-22 12:44:54.196root 11241100x80000000000000004020823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2eeb81e1cb94112021-12-22 12:44:54.196root 11241100x80000000000000004020824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19592f817dcb1ed82021-12-22 12:44:54.196root 11241100x80000000000000004020825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7677968003a3a722021-12-22 12:44:54.196root 11241100x80000000000000004020826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93a508c357e11842021-12-22 12:44:54.196root 11241100x80000000000000004020827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84af2731d50313f12021-12-22 12:44:54.197root 11241100x80000000000000004020828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab154f473d415342021-12-22 12:44:54.197root 11241100x80000000000000004020829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db93fba5dc0e3e4b2021-12-22 12:44:54.197root 11241100x80000000000000004020830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362480a8ec0143282021-12-22 12:44:54.197root 11241100x80000000000000004020831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286febc1199deca52021-12-22 12:44:54.197root 11241100x80000000000000004020832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a51a3b5ffdf4002021-12-22 12:44:54.197root 11241100x80000000000000004020833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883f61a59b14673b2021-12-22 12:44:54.197root 11241100x80000000000000004020834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c847ded036218452021-12-22 12:44:54.197root 11241100x80000000000000004020835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c31751f1a7fabfd2021-12-22 12:44:54.197root 11241100x80000000000000004020836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd62f5b4c1ddab52021-12-22 12:44:54.197root 11241100x80000000000000004020837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1595d2631effa5292021-12-22 12:44:54.198root 11241100x80000000000000004020838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af55e3b6a6d77bab2021-12-22 12:44:54.198root 11241100x80000000000000004020839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0f7cf57baaa99a2021-12-22 12:44:54.198root 11241100x80000000000000004020840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390605222818336f2021-12-22 12:44:54.198root 11241100x80000000000000004020841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe02377508bb9302021-12-22 12:44:54.198root 11241100x80000000000000004020842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194fde6263850dc32021-12-22 12:44:54.198root 11241100x80000000000000004020843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525cfe2504dc703d2021-12-22 12:44:54.198root 11241100x80000000000000004020844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e441788030ab0ba2021-12-22 12:44:54.693root 11241100x80000000000000004020845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6fd578947b2d082021-12-22 12:44:54.693root 11241100x80000000000000004020846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dde01ae099a7c692021-12-22 12:44:54.693root 11241100x80000000000000004020847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d711d19d762ac02021-12-22 12:44:54.693root 11241100x80000000000000004020848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b8685b5df7a8142021-12-22 12:44:54.693root 11241100x80000000000000004020849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc92ddc715382fde2021-12-22 12:44:54.693root 11241100x80000000000000004020850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0eed9fc4dda453c2021-12-22 12:44:54.694root 11241100x80000000000000004020851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c4cd7c033e3dfb2021-12-22 12:44:54.694root 11241100x80000000000000004020852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2747344e37346f92021-12-22 12:44:54.694root 11241100x80000000000000004020853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4501b039b4309f2021-12-22 12:44:54.694root 11241100x80000000000000004020854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5370572728e46092021-12-22 12:44:54.694root 11241100x80000000000000004020855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b4cf9ddfb82a412021-12-22 12:44:54.694root 11241100x80000000000000004020856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965fc7a983a5ff232021-12-22 12:44:54.694root 11241100x80000000000000004020857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddb85ecb9e6dcc72021-12-22 12:44:54.694root 11241100x80000000000000004020858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae6c74cb70639e02021-12-22 12:44:54.694root 11241100x80000000000000004020859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1f0d307f29261c2021-12-22 12:44:54.695root 11241100x80000000000000004020860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c25cbd9d863b25e2021-12-22 12:44:54.695root 11241100x80000000000000004020861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9a03cee2c972702021-12-22 12:44:54.695root 11241100x80000000000000004020862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4e962a487f0cd72021-12-22 12:44:54.695root 11241100x80000000000000004020863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097a0f19c4e7baa52021-12-22 12:44:54.695root 11241100x80000000000000004020864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539156dfaea81b222021-12-22 12:44:54.695root 11241100x80000000000000004020865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e19b79d854b95c2021-12-22 12:44:54.695root 11241100x80000000000000004020866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de96a5d5e15c88f2021-12-22 12:44:54.695root 11241100x80000000000000004020867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086fb3f65d2b1c1c2021-12-22 12:44:54.695root 11241100x80000000000000004020868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa973258f90bda52021-12-22 12:44:54.696root 11241100x80000000000000004020869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9619d67e7c5b6462021-12-22 12:44:54.696root 11241100x80000000000000004020870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcff386d4a8bdce2021-12-22 12:44:54.696root 11241100x80000000000000004020871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a449f9d15291de2021-12-22 12:44:54.696root 11241100x80000000000000004020872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2023cc3bc13af49a2021-12-22 12:44:54.696root 11241100x80000000000000004020873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f456da94fc56db462021-12-22 12:44:54.696root 11241100x80000000000000004020874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f68b109a0fde43c2021-12-22 12:44:54.696root 11241100x80000000000000004020875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa911984169127b2021-12-22 12:44:54.696root 11241100x80000000000000004020876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff03c020bf8af6752021-12-22 12:44:54.697root 11241100x80000000000000004020877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67488c2b9dc5f232021-12-22 12:44:54.697root 11241100x80000000000000004020878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07af3e8d8055d4db2021-12-22 12:44:54.697root 11241100x80000000000000004020879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa2b983afeda4d12021-12-22 12:44:54.697root 11241100x80000000000000004020880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155ecf49ae3fbab72021-12-22 12:44:54.698root 11241100x80000000000000004020881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c107312b11405b42021-12-22 12:44:54.698root 11241100x80000000000000004020882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ca7a83ac396b452021-12-22 12:44:54.698root 11241100x80000000000000004020883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596704b2c33dc6bf2021-12-22 12:44:54.698root 11241100x80000000000000004020884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f741a5606f68042021-12-22 12:44:54.699root 11241100x80000000000000004020885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7bca5f998ec74d2021-12-22 12:44:54.699root 11241100x80000000000000004020886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c454c77f122bbb2021-12-22 12:44:54.699root 11241100x80000000000000004020887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:54.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fb50ae4b3cdcc02021-12-22 12:44:54.699root 354300x80000000000000004020888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.151{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56850-false10.0.1.12-8000- 11241100x80000000000000004020889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6025d2e7f610dff2021-12-22 12:44:55.152root 11241100x80000000000000004020890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3039d46d2513522021-12-22 12:44:55.152root 11241100x80000000000000004020891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0a1a2bab77e7002021-12-22 12:44:55.152root 11241100x80000000000000004020892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20c23e8908565a12021-12-22 12:44:55.152root 11241100x80000000000000004020893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def5b24d59698e232021-12-22 12:44:55.152root 11241100x80000000000000004020894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9b95972678484b2021-12-22 12:44:55.152root 11241100x80000000000000004020895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549f87f911cca54a2021-12-22 12:44:55.153root 11241100x80000000000000004020896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3e921de3991a232021-12-22 12:44:55.153root 11241100x80000000000000004020897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ba13094a79a1972021-12-22 12:44:55.153root 11241100x80000000000000004020898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc36b744c16c39412021-12-22 12:44:55.153root 11241100x80000000000000004020899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237c57ff7b74b8792021-12-22 12:44:55.153root 11241100x80000000000000004020900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dae2cef502e54922021-12-22 12:44:55.153root 11241100x80000000000000004020901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2679026252ae68c2021-12-22 12:44:55.153root 11241100x80000000000000004020902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44dfd7cd0db1a542021-12-22 12:44:55.153root 11241100x80000000000000004020903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcea474c51dc1022021-12-22 12:44:55.153root 11241100x80000000000000004020904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254c84349d610e362021-12-22 12:44:55.153root 11241100x80000000000000004020905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da04294eb0456f422021-12-22 12:44:55.153root 11241100x80000000000000004020906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c20dfe3f10a0c92021-12-22 12:44:55.153root 11241100x80000000000000004020907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fd56f7b44ac7722021-12-22 12:44:55.153root 11241100x80000000000000004020908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8697d6b48cd337f92021-12-22 12:44:55.153root 11241100x80000000000000004020909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46d8382a0be71852021-12-22 12:44:55.153root 11241100x80000000000000004020910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc057cf54d35fe02021-12-22 12:44:55.154root 11241100x80000000000000004020911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf21c54d4efa83552021-12-22 12:44:55.154root 11241100x80000000000000004020912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c9dbffaacceb932021-12-22 12:44:55.154root 11241100x80000000000000004020913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46943a90dee5fdb62021-12-22 12:44:55.154root 11241100x80000000000000004020914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f03baaf23d28a132021-12-22 12:44:55.154root 11241100x80000000000000004020915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68da68c9b6cd83232021-12-22 12:44:55.154root 11241100x80000000000000004020916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc417bbbb4a0aa82021-12-22 12:44:55.154root 11241100x80000000000000004020917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fc79cf97161dc62021-12-22 12:44:55.154root 11241100x80000000000000004020918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8eb4a483e0ee4c02021-12-22 12:44:55.154root 11241100x80000000000000004020919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505e5c616cb9c8fb2021-12-22 12:44:55.154root 11241100x80000000000000004020920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575145205e28a5952021-12-22 12:44:55.154root 11241100x80000000000000004020921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2085c9f75ef6b72021-12-22 12:44:55.154root 11241100x80000000000000004020922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6879109191cb260a2021-12-22 12:44:55.154root 11241100x80000000000000004020923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c48736dc7ec67a2021-12-22 12:44:55.154root 11241100x80000000000000004020924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9b81af32934d362021-12-22 12:44:55.154root 11241100x80000000000000004020925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a21d99a75dd24682021-12-22 12:44:55.155root 11241100x80000000000000004020926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f789773003c9190f2021-12-22 12:44:55.155root 11241100x80000000000000004020927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083917673129b76f2021-12-22 12:44:55.155root 11241100x80000000000000004020928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe2aa178d44924e2021-12-22 12:44:55.155root 11241100x80000000000000004020929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ad34867410cb252021-12-22 12:44:55.155root 11241100x80000000000000004020930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5596c766e336242021-12-22 12:44:55.155root 11241100x80000000000000004020931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c306f462b427d5672021-12-22 12:44:55.155root 11241100x80000000000000004020932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c011f36732a31712021-12-22 12:44:55.155root 11241100x80000000000000004020933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a2e9c823c0c9ac2021-12-22 12:44:55.155root 11241100x80000000000000004020934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09bf79d18265bb42021-12-22 12:44:55.155root 11241100x80000000000000004020935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ace3ef380d9d7c2021-12-22 12:44:55.155root 11241100x80000000000000004020936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab374db69883b5d2021-12-22 12:44:55.155root 11241100x80000000000000004020937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919dfa51dead281e2021-12-22 12:44:55.156root 11241100x80000000000000004020938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e92486e399f3f92021-12-22 12:44:55.156root 11241100x80000000000000004020939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3058c148fd8fe58a2021-12-22 12:44:55.156root 11241100x80000000000000004020940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492ea85ec51cef882021-12-22 12:44:55.156root 11241100x80000000000000004020941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a2cbf0280581562021-12-22 12:44:55.156root 11241100x80000000000000004020942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909e10420a1b140a2021-12-22 12:44:55.156root 11241100x80000000000000004020943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa58f7020c1c2272021-12-22 12:44:55.156root 11241100x80000000000000004020944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af3bf2eacaf758c2021-12-22 12:44:55.156root 11241100x80000000000000004020945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8004ea57cb2a76422021-12-22 12:44:55.156root 11241100x80000000000000004020946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1700f752f508f5392021-12-22 12:44:55.156root 11241100x80000000000000004020947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1f2833134015492021-12-22 12:44:55.157root 11241100x80000000000000004020948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6731c0ecaea72532021-12-22 12:44:55.157root 11241100x80000000000000004020949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fe894f951b44842021-12-22 12:44:55.157root 11241100x80000000000000004020950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc28bc7ba09845e32021-12-22 12:44:55.157root 11241100x80000000000000004020951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46dc09b4f66044662021-12-22 12:44:55.157root 11241100x80000000000000004020952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75700ccd1a262c402021-12-22 12:44:55.157root 11241100x80000000000000004020953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be4fa81c01edbd82021-12-22 12:44:55.157root 11241100x80000000000000004020954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37855750337798022021-12-22 12:44:55.157root 11241100x80000000000000004020955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4959bcde4d5af6a02021-12-22 12:44:55.157root 11241100x80000000000000004020956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363cf3d5fe3903c72021-12-22 12:44:55.157root 11241100x80000000000000004020957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03409e54c01fe752021-12-22 12:44:55.158root 11241100x80000000000000004020958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373d55cf17dba7162021-12-22 12:44:55.158root 154100x80000000000000004020959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.170{ec2b6afe-1dc7-61c3-504d-42775a550000}22716/bin/kmod-----lsmod/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 534500x80000000000000004020960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.175{ec2b6afe-1dc7-61c3-504d-42775a550000}22716/bin/kmodubuntu 11241100x80000000000000004020961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08da1a87cbe8e6a12021-12-22 12:44:55.443root 11241100x80000000000000004020962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e42be58b6e0b302021-12-22 12:44:55.443root 11241100x80000000000000004020963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0586e43c97c9542021-12-22 12:44:55.443root 11241100x80000000000000004020964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699c9622ca1ab2452021-12-22 12:44:55.444root 11241100x80000000000000004020965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5ce1a374e1afb22021-12-22 12:44:55.444root 11241100x80000000000000004020966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ece91b877026192021-12-22 12:44:55.444root 11241100x80000000000000004020967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97b362c173bc4062021-12-22 12:44:55.444root 11241100x80000000000000004020968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15eff93150e4a6912021-12-22 12:44:55.444root 11241100x80000000000000004020969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0c4bfb9c10a1732021-12-22 12:44:55.444root 11241100x80000000000000004020970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b467c2a367703d2021-12-22 12:44:55.444root 11241100x80000000000000004020971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668094f7112571ee2021-12-22 12:44:55.444root 11241100x80000000000000004020972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3399774731b8d2a02021-12-22 12:44:55.444root 11241100x80000000000000004020973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7693f83f8c2253182021-12-22 12:44:55.444root 11241100x80000000000000004020974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098535954cb1b8c52021-12-22 12:44:55.444root 11241100x80000000000000004020975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8fc0d50ae0c3fd2021-12-22 12:44:55.444root 11241100x80000000000000004020976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ec1552da493dcc2021-12-22 12:44:55.444root 11241100x80000000000000004020977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb7207fe419a59b2021-12-22 12:44:55.445root 11241100x80000000000000004020978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a378f3a454a1f81d2021-12-22 12:44:55.445root 11241100x80000000000000004020979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1bd0636f9a74442021-12-22 12:44:55.445root 11241100x80000000000000004020980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb02c6d3c613fb72021-12-22 12:44:55.445root 11241100x80000000000000004020981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52aeade58fbedb62021-12-22 12:44:55.445root 11241100x80000000000000004020982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c5c7baca2081912021-12-22 12:44:55.445root 11241100x80000000000000004020983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94c2c34be9c41572021-12-22 12:44:55.445root 11241100x80000000000000004020984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be14fa15ca6051a2021-12-22 12:44:55.445root 11241100x80000000000000004020985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9982e0f5be1c8c5d2021-12-22 12:44:55.445root 11241100x80000000000000004020986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82754223df0d98eb2021-12-22 12:44:55.445root 11241100x80000000000000004020987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f2540dedece9e72021-12-22 12:44:55.445root 11241100x80000000000000004020988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd723e74a4e463d2021-12-22 12:44:55.445root 11241100x80000000000000004020989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3114132aece102eb2021-12-22 12:44:55.445root 11241100x80000000000000004020990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5230091c015f11462021-12-22 12:44:55.445root 11241100x80000000000000004020991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32a9922a93caf212021-12-22 12:44:55.445root 11241100x80000000000000004020992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795baf3eea0074c42021-12-22 12:44:55.445root 11241100x80000000000000004020993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6422c47facab54262021-12-22 12:44:55.446root 11241100x80000000000000004020994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d966ffd8255450e2021-12-22 12:44:55.446root 11241100x80000000000000004020995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3361f3464c7424e2021-12-22 12:44:55.446root 11241100x80000000000000004020996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f527eca0982d4ff22021-12-22 12:44:55.446root 11241100x80000000000000004020997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d51bd610b492da2021-12-22 12:44:55.446root 11241100x80000000000000004020998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd87fc5929e1a7882021-12-22 12:44:55.446root 11241100x80000000000000004020999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cf387b1e3eae402021-12-22 12:44:55.446root 11241100x80000000000000004021000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d129e92bb3cd6da2021-12-22 12:44:55.446root 11241100x80000000000000004021001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7287ae8ac76a05da2021-12-22 12:44:55.446root 11241100x80000000000000004021002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6536dd03cc95c6cc2021-12-22 12:44:55.446root 11241100x80000000000000004021003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba322da8c1437a792021-12-22 12:44:55.446root 11241100x80000000000000004021004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd455cce6a8bd0a2021-12-22 12:44:55.446root 11241100x80000000000000004021005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec251b592096d8bf2021-12-22 12:44:55.446root 11241100x80000000000000004021006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a32dea2c64211382021-12-22 12:44:55.943root 11241100x80000000000000004021007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e1663dca1b3bdf2021-12-22 12:44:55.943root 11241100x80000000000000004021008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c190e18245cb8fe12021-12-22 12:44:55.943root 11241100x80000000000000004021009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c00e69d865299352021-12-22 12:44:55.943root 11241100x80000000000000004021010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8f7502a91feca22021-12-22 12:44:55.943root 11241100x80000000000000004021011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3126a27fd2afb132021-12-22 12:44:55.943root 11241100x80000000000000004021012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705bb321776041972021-12-22 12:44:55.943root 11241100x80000000000000004021013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dffa1810576b7922021-12-22 12:44:55.943root 11241100x80000000000000004021014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55662389701459c2021-12-22 12:44:55.943root 11241100x80000000000000004021015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321258771885e5102021-12-22 12:44:55.944root 11241100x80000000000000004021016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df682656a5fb9322021-12-22 12:44:55.944root 11241100x80000000000000004021017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2f5f30c79f20ff2021-12-22 12:44:55.944root 11241100x80000000000000004021018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a4bff20fc0ea9b2021-12-22 12:44:55.944root 11241100x80000000000000004021019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267c1d3bbd9648352021-12-22 12:44:55.944root 11241100x80000000000000004021020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757b23750e4c05a92021-12-22 12:44:55.944root 11241100x80000000000000004021021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f69effe549113d92021-12-22 12:44:55.944root 11241100x80000000000000004021022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77082684ba06bd22021-12-22 12:44:55.944root 11241100x80000000000000004021023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4083e1d3f7f779882021-12-22 12:44:55.944root 11241100x80000000000000004021024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c957d26a98763c92021-12-22 12:44:55.944root 11241100x80000000000000004021025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec79303a53b1ae42021-12-22 12:44:55.945root 11241100x80000000000000004021026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcc9d17f4d24d212021-12-22 12:44:55.945root 11241100x80000000000000004021027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661dc7a1d50de9012021-12-22 12:44:55.945root 11241100x80000000000000004021028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871efdab93cb61432021-12-22 12:44:55.945root 11241100x80000000000000004021029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed82560a3f1e5732021-12-22 12:44:55.945root 11241100x80000000000000004021030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37760ec834514db32021-12-22 12:44:55.945root 11241100x80000000000000004021031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c19548cf2beb17e2021-12-22 12:44:55.945root 11241100x80000000000000004021032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cda799727082062021-12-22 12:44:55.945root 11241100x80000000000000004021033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a9da72740d16be2021-12-22 12:44:55.945root 11241100x80000000000000004021034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa503a6f38dbc2f2021-12-22 12:44:55.945root 11241100x80000000000000004021035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6dc3731445fc0cf2021-12-22 12:44:55.946root 11241100x80000000000000004021036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4712a8cbcacc932021-12-22 12:44:55.946root 11241100x80000000000000004021037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31fb86caf2d18852021-12-22 12:44:55.946root 11241100x80000000000000004021038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9c8ecef6a12c9d2021-12-22 12:44:55.946root 11241100x80000000000000004021039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff158bacb097b942021-12-22 12:44:55.946root 11241100x80000000000000004021040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1179d4ef773c2ca62021-12-22 12:44:55.946root 11241100x80000000000000004021041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881e1d19dd61e6b92021-12-22 12:44:55.946root 11241100x80000000000000004021042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65c6b0b0c456b152021-12-22 12:44:55.946root 11241100x80000000000000004021043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab08a77e940103e82021-12-22 12:44:55.946root 11241100x80000000000000004021044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d170c599678a87b2021-12-22 12:44:55.946root 11241100x80000000000000004021045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c863ef78a3c9e02021-12-22 12:44:55.946root 11241100x80000000000000004021046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0f995107e962632021-12-22 12:44:55.947root 11241100x80000000000000004021047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9048fffae335e4b2021-12-22 12:44:55.947root 11241100x80000000000000004021048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f154c3d0a9a77bfd2021-12-22 12:44:55.947root 11241100x80000000000000004021049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4a953c8e6214362021-12-22 12:44:55.947root 11241100x80000000000000004021050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38520fb5a7554c8b2021-12-22 12:44:55.947root 11241100x80000000000000004021051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880d95a9b15ed54c2021-12-22 12:44:55.947root 11241100x80000000000000004021052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfc6d2fc32ed1dc2021-12-22 12:44:56.443root 11241100x80000000000000004021053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48b694aaaa7b43d2021-12-22 12:44:56.443root 11241100x80000000000000004021054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277a8dd36adda6c12021-12-22 12:44:56.443root 11241100x80000000000000004021055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44ac5a9b5d93af22021-12-22 12:44:56.443root 11241100x80000000000000004021056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e67207ecb5069f72021-12-22 12:44:56.444root 11241100x80000000000000004021057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7a6c893b4592642021-12-22 12:44:56.444root 11241100x80000000000000004021058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abd4e04e3f674222021-12-22 12:44:56.444root 11241100x80000000000000004021059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1175d7b14a13102021-12-22 12:44:56.444root 11241100x80000000000000004021060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731c88fdf6893b122021-12-22 12:44:56.444root 11241100x80000000000000004021061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea2925d41e4213f2021-12-22 12:44:56.444root 11241100x80000000000000004021062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b724e14b60c1ad12021-12-22 12:44:56.444root 11241100x80000000000000004021063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18d2befa4e874ba2021-12-22 12:44:56.444root 11241100x80000000000000004021064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750b4c3ee7a2403f2021-12-22 12:44:56.444root 11241100x80000000000000004021065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9037fe2a7e3d3492021-12-22 12:44:56.444root 11241100x80000000000000004021066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b695f7836cc865562021-12-22 12:44:56.444root 11241100x80000000000000004021067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1500164d70d82e8f2021-12-22 12:44:56.444root 11241100x80000000000000004021068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a845dca170b3bfc22021-12-22 12:44:56.444root 11241100x80000000000000004021069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688ca03b3d3658302021-12-22 12:44:56.444root 11241100x80000000000000004021070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b4c54b9ed1d3f22021-12-22 12:44:56.445root 11241100x80000000000000004021071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e846f470e2954d4e2021-12-22 12:44:56.445root 11241100x80000000000000004021072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9cb00b6d1fad4c2021-12-22 12:44:56.445root 11241100x80000000000000004021073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52175f86d541ba062021-12-22 12:44:56.445root 11241100x80000000000000004021074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00393c72833217e12021-12-22 12:44:56.445root 11241100x80000000000000004021075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7a7b3663d070dc2021-12-22 12:44:56.445root 11241100x80000000000000004021076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c654198ea30595c72021-12-22 12:44:56.445root 11241100x80000000000000004021077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c77457dc36dd53a2021-12-22 12:44:56.445root 11241100x80000000000000004021078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307e77530e864d982021-12-22 12:44:56.445root 11241100x80000000000000004021079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9fa30a647ded0c2021-12-22 12:44:56.445root 11241100x80000000000000004021080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647079a43ddca4522021-12-22 12:44:56.445root 11241100x80000000000000004021081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1eab185a721f072021-12-22 12:44:56.445root 11241100x80000000000000004021082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4626e2fed5435a0c2021-12-22 12:44:56.445root 11241100x80000000000000004021083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f28672ab5a5caf2021-12-22 12:44:56.445root 11241100x80000000000000004021084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8dd5b395f854f02021-12-22 12:44:56.445root 11241100x80000000000000004021085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8649bfe59d6d8322021-12-22 12:44:56.446root 11241100x80000000000000004021086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fa008d87afa38c2021-12-22 12:44:56.446root 11241100x80000000000000004021087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa34de34db76d8e2021-12-22 12:44:56.446root 11241100x80000000000000004021088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39320a2935022362021-12-22 12:44:56.446root 11241100x80000000000000004021089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ae436466dccbe52021-12-22 12:44:56.446root 11241100x80000000000000004021090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e78b71e6c30ebae2021-12-22 12:44:56.446root 11241100x80000000000000004021091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f4a80acc32dce42021-12-22 12:44:56.446root 11241100x80000000000000004021092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01a9dfb38b9ddc72021-12-22 12:44:56.446root 11241100x80000000000000004021093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82201f2437153fbe2021-12-22 12:44:56.446root 11241100x80000000000000004021094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6dab2ae5cf784c2021-12-22 12:44:56.446root 11241100x80000000000000004021095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89578e31387a12fb2021-12-22 12:44:56.446root 11241100x80000000000000004021096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20702e0fb3b69df52021-12-22 12:44:56.942root 11241100x80000000000000004021097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5020cef36dea13532021-12-22 12:44:56.943root 11241100x80000000000000004021098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff151346289b6b6a2021-12-22 12:44:56.943root 11241100x80000000000000004021099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93807f41e22e5552021-12-22 12:44:56.943root 11241100x80000000000000004021100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1013acf5edf6d6862021-12-22 12:44:56.943root 11241100x80000000000000004021101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a86bdc0cc0b5682021-12-22 12:44:56.943root 11241100x80000000000000004021102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ae435d6a4f9d262021-12-22 12:44:56.943root 11241100x80000000000000004021103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425017a6dc68043e2021-12-22 12:44:56.943root 11241100x80000000000000004021104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829ce3c858f871372021-12-22 12:44:56.943root 11241100x80000000000000004021105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8759891edc67bf4c2021-12-22 12:44:56.944root 11241100x80000000000000004021106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e304246404b2d2352021-12-22 12:44:56.944root 11241100x80000000000000004021107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5d0d0ca57e91f82021-12-22 12:44:56.944root 11241100x80000000000000004021108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f6143bb1c84f942021-12-22 12:44:56.944root 11241100x80000000000000004021109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3601d3abffb7cab12021-12-22 12:44:56.944root 11241100x80000000000000004021110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f740e25e43c6c24d2021-12-22 12:44:56.944root 11241100x80000000000000004021111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1007451957a23f322021-12-22 12:44:56.944root 11241100x80000000000000004021112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907dd0e4a79fc94c2021-12-22 12:44:56.944root 11241100x80000000000000004021113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12029f18c800cb4f2021-12-22 12:44:56.945root 11241100x80000000000000004021114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce6ccdf965510192021-12-22 12:44:56.945root 11241100x80000000000000004021115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e06c8377b93966b2021-12-22 12:44:56.945root 11241100x80000000000000004021116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f846700bdc25d8a2021-12-22 12:44:56.945root 11241100x80000000000000004021117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c183a1238ec5232021-12-22 12:44:56.945root 11241100x80000000000000004021118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628ba401caed1e692021-12-22 12:44:56.945root 11241100x80000000000000004021119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9942f8f2a3a5de2021-12-22 12:44:56.945root 11241100x80000000000000004021120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37b771451d94fe82021-12-22 12:44:56.946root 11241100x80000000000000004021121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099de28688e0a85e2021-12-22 12:44:56.946root 11241100x80000000000000004021122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a940b94bfc2e592021-12-22 12:44:56.946root 11241100x80000000000000004021123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e31f30e3ae042b02021-12-22 12:44:56.946root 11241100x80000000000000004021124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a0b372237e5e862021-12-22 12:44:56.948root 11241100x80000000000000004021125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214c46a08377cc3b2021-12-22 12:44:56.948root 11241100x80000000000000004021126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292b56bb41abfcf22021-12-22 12:44:56.948root 11241100x80000000000000004021127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7f86380210a0282021-12-22 12:44:56.948root 11241100x80000000000000004021128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046c361ab52b68822021-12-22 12:44:56.948root 11241100x80000000000000004021129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b129cba8120ad4c32021-12-22 12:44:56.949root 11241100x80000000000000004021130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde6c74a4e66f2882021-12-22 12:44:56.949root 11241100x80000000000000004021131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8f530922c2ac632021-12-22 12:44:56.949root 11241100x80000000000000004021132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39f1191b9b7d3a92021-12-22 12:44:56.949root 11241100x80000000000000004021133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a948c86d72dc0c2021-12-22 12:44:56.949root 11241100x80000000000000004021134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd869b23a263f032021-12-22 12:44:56.949root 11241100x80000000000000004021135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bcee128d878c9b2021-12-22 12:44:56.949root 11241100x80000000000000004021136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e92dc78538428192021-12-22 12:44:56.949root 11241100x80000000000000004021137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559bbca267beede12021-12-22 12:44:56.950root 11241100x80000000000000004021138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e550da4d10819c2021-12-22 12:44:56.950root 11241100x80000000000000004021139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6881717bb1f68a22021-12-22 12:44:56.950root 11241100x80000000000000004021140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3030f94f4d42f7062021-12-22 12:44:56.950root 11241100x80000000000000004021141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2883ee88ffcf852021-12-22 12:44:56.951root 11241100x80000000000000004021142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb603a12b60dc552021-12-22 12:44:56.951root 11241100x80000000000000004021143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f16367aebbef2a2021-12-22 12:44:56.952root 11241100x80000000000000004021144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7b551f0354f8f72021-12-22 12:44:56.952root 11241100x80000000000000004021145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:56.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f263691223fd742021-12-22 12:44:56.952root 11241100x80000000000000004021146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aaff78695ae5f992021-12-22 12:44:57.443root 11241100x80000000000000004021147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdcdee4537f3d8d2021-12-22 12:44:57.443root 11241100x80000000000000004021148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e191bb4e93869db2021-12-22 12:44:57.444root 11241100x80000000000000004021149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325255bf89e570bd2021-12-22 12:44:57.444root 11241100x80000000000000004021150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e6b060120dce942021-12-22 12:44:57.444root 11241100x80000000000000004021151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7b707f96951d972021-12-22 12:44:57.444root 11241100x80000000000000004021152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cf3d23436ddf282021-12-22 12:44:57.444root 11241100x80000000000000004021153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e8e25c3214c5ef2021-12-22 12:44:57.444root 11241100x80000000000000004021154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5054b3549dfa23452021-12-22 12:44:57.445root 11241100x80000000000000004021155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4b8cdf50b4c0232021-12-22 12:44:57.445root 11241100x80000000000000004021156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef268de5a72edd5e2021-12-22 12:44:57.445root 11241100x80000000000000004021157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff2ed33d535a1302021-12-22 12:44:57.445root 11241100x80000000000000004021158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c57a315084f26f2021-12-22 12:44:57.445root 11241100x80000000000000004021159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa73b0fb94d7cc82021-12-22 12:44:57.445root 11241100x80000000000000004021160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653f1b5873cae3d62021-12-22 12:44:57.445root 11241100x80000000000000004021161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70a1531a66769da2021-12-22 12:44:57.445root 11241100x80000000000000004021162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f912dd24664b3fcc2021-12-22 12:44:57.445root 11241100x80000000000000004021163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df62a0b6ad12b3432021-12-22 12:44:57.445root 11241100x80000000000000004021164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c96eabd91b8b1a2021-12-22 12:44:57.446root 11241100x80000000000000004021165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd4508861a6d88a2021-12-22 12:44:57.446root 11241100x80000000000000004021166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8727f36d34c4ba7c2021-12-22 12:44:57.446root 11241100x80000000000000004021167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e2aaba925f2f3b2021-12-22 12:44:57.446root 11241100x80000000000000004021168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65f0986d14e0a002021-12-22 12:44:57.446root 11241100x80000000000000004021169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fdfe3c5769f3972021-12-22 12:44:57.446root 11241100x80000000000000004021170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9422a1126f8cfd02021-12-22 12:44:57.446root 11241100x80000000000000004021171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3cc25f2edb2afb2021-12-22 12:44:57.446root 11241100x80000000000000004021172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880068b203d017682021-12-22 12:44:57.446root 11241100x80000000000000004021173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea598b01e9c43f402021-12-22 12:44:57.446root 11241100x80000000000000004021174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e5f56b80fdfebe2021-12-22 12:44:57.447root 11241100x80000000000000004021175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fbbb4a9fd91a14b2021-12-22 12:44:57.447root 11241100x80000000000000004021176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94770224ef475e102021-12-22 12:44:57.447root 11241100x80000000000000004021177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bd2f12d88e89902021-12-22 12:44:57.447root 11241100x80000000000000004021178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30db5f3661c379ca2021-12-22 12:44:57.448root 11241100x80000000000000004021179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f37d43e075b8f32021-12-22 12:44:57.448root 11241100x80000000000000004021180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5383c969dca8ceeb2021-12-22 12:44:57.449root 11241100x80000000000000004021181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448e94a9132c68692021-12-22 12:44:57.449root 11241100x80000000000000004021182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220d2916b5e997652021-12-22 12:44:57.450root 11241100x80000000000000004021183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83054e5f67b0eeeb2021-12-22 12:44:57.450root 11241100x80000000000000004021184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a153e2a9c4aaa02b2021-12-22 12:44:57.450root 11241100x80000000000000004021185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f848fb5715c9dff02021-12-22 12:44:57.450root 11241100x80000000000000004021186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a21f0456ac733d2021-12-22 12:44:57.451root 11241100x80000000000000004021187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609dcf3ef57f56822021-12-22 12:44:57.451root 11241100x80000000000000004021188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05f8acb5f3a00552021-12-22 12:44:57.451root 11241100x80000000000000004021189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e103e4b15e4c4742021-12-22 12:44:57.451root 11241100x80000000000000004021190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49a3bbb30de69742021-12-22 12:44:57.452root 11241100x80000000000000004021191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e33f44743755fe2021-12-22 12:44:57.452root 11241100x80000000000000004021192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d0952ce25ed64a2021-12-22 12:44:57.452root 11241100x80000000000000004021193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8902f62bf1751762021-12-22 12:44:57.943root 11241100x80000000000000004021194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6d90153829ac152021-12-22 12:44:57.943root 11241100x80000000000000004021195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056e7514fcc2c1972021-12-22 12:44:57.943root 11241100x80000000000000004021196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15b89d3fd77a2cb2021-12-22 12:44:57.943root 11241100x80000000000000004021197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d673e2ecd5bb982021-12-22 12:44:57.944root 11241100x80000000000000004021198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45876352522505722021-12-22 12:44:57.944root 11241100x80000000000000004021199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f1851937d6ac5f2021-12-22 12:44:57.944root 11241100x80000000000000004021200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad39235c72f093ad2021-12-22 12:44:57.944root 11241100x80000000000000004021201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60209488715d7c22021-12-22 12:44:57.944root 11241100x80000000000000004021202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd88e9a065e3238a2021-12-22 12:44:57.944root 11241100x80000000000000004021203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efa08e2006a58fc2021-12-22 12:44:57.945root 11241100x80000000000000004021204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c46a20f698b2c412021-12-22 12:44:57.945root 11241100x80000000000000004021205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcc952b9676c99a2021-12-22 12:44:57.945root 11241100x80000000000000004021206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c457d3d1e3519a2021-12-22 12:44:57.945root 11241100x80000000000000004021207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cd3afcc51d7efb2021-12-22 12:44:57.945root 11241100x80000000000000004021208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e10d7d0df333ea2021-12-22 12:44:57.945root 11241100x80000000000000004021209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bf64dca552b38f2021-12-22 12:44:57.945root 11241100x80000000000000004021210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9d90959a39ef122021-12-22 12:44:57.945root 11241100x80000000000000004021211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308ec3b67f83e3512021-12-22 12:44:57.945root 11241100x80000000000000004021212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fb3c1f96b049f92021-12-22 12:44:57.945root 11241100x80000000000000004021213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0077c57644c6f8882021-12-22 12:44:57.945root 11241100x80000000000000004021214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5766b9dea0a52682021-12-22 12:44:57.946root 11241100x80000000000000004021215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e7ee84d6e99fc62021-12-22 12:44:57.946root 11241100x80000000000000004021216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1817a73458257b2021-12-22 12:44:57.946root 11241100x80000000000000004021217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0a820f6d3a712c2021-12-22 12:44:57.946root 11241100x80000000000000004021218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cfa31315891c6c2021-12-22 12:44:57.946root 11241100x80000000000000004021219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3d6bb0989d4b172021-12-22 12:44:57.946root 11241100x80000000000000004021220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc83fa35d43bf892021-12-22 12:44:57.947root 11241100x80000000000000004021221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f1d0e61b9cde5b2021-12-22 12:44:57.947root 11241100x80000000000000004021222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4616548f3b3c0e9f2021-12-22 12:44:57.947root 11241100x80000000000000004021223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2409f020a566be2021-12-22 12:44:57.947root 11241100x80000000000000004021224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49a4b573fd13e0f2021-12-22 12:44:57.948root 11241100x80000000000000004021225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b910a70740fed98c2021-12-22 12:44:57.948root 11241100x80000000000000004021226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ec90e5df9504902021-12-22 12:44:57.948root 11241100x80000000000000004021227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef32cf2c4896b792021-12-22 12:44:57.948root 11241100x80000000000000004021228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a99b33c268feb532021-12-22 12:44:57.949root 11241100x80000000000000004021229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8981168206e2f52021-12-22 12:44:57.949root 11241100x80000000000000004021230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4332c5f439cd5af42021-12-22 12:44:57.949root 11241100x80000000000000004021231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f014d3094b21b97b2021-12-22 12:44:57.949root 11241100x80000000000000004021232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2add852dd83941e92021-12-22 12:44:57.949root 11241100x80000000000000004021233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28925f09f5cacffe2021-12-22 12:44:57.949root 11241100x80000000000000004021234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2db1bbd2231ea372021-12-22 12:44:57.950root 11241100x80000000000000004021235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:57.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69c956fa1a8b9f72021-12-22 12:44:57.950root 11241100x80000000000000004021236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21367c14af070bf02021-12-22 12:44:58.443root 11241100x80000000000000004021237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51c9f73dd41d0ff2021-12-22 12:44:58.443root 11241100x80000000000000004021238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb909d3148910e22021-12-22 12:44:58.443root 11241100x80000000000000004021239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819a8bc422d903a12021-12-22 12:44:58.443root 11241100x80000000000000004021240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e83fc08510ef7a32021-12-22 12:44:58.443root 11241100x80000000000000004021241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580cb2866685a53c2021-12-22 12:44:58.444root 11241100x80000000000000004021242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0322b31d5b0f8b32021-12-22 12:44:58.444root 11241100x80000000000000004021243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5b2e0b417d12dd2021-12-22 12:44:58.444root 11241100x80000000000000004021244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d407ea375effe162021-12-22 12:44:58.444root 11241100x80000000000000004021245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e034e5b40e774e2021-12-22 12:44:58.444root 11241100x80000000000000004021246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdea6b9cd2d83332021-12-22 12:44:58.444root 11241100x80000000000000004021247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe57d7b10978c0a2021-12-22 12:44:58.444root 11241100x80000000000000004021248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d3f59b4e812c2d2021-12-22 12:44:58.444root 11241100x80000000000000004021249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3b7a3b9aa3610a2021-12-22 12:44:58.444root 11241100x80000000000000004021250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcb26a8a86799b82021-12-22 12:44:58.444root 11241100x80000000000000004021251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8444e9f12705012021-12-22 12:44:58.445root 11241100x80000000000000004021252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c70cd5e1964f612021-12-22 12:44:58.445root 11241100x80000000000000004021253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7125cd8414eec12021-12-22 12:44:58.445root 11241100x80000000000000004021254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b37b55be75e53f2021-12-22 12:44:58.445root 11241100x80000000000000004021255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f775e69ac0e1007a2021-12-22 12:44:58.445root 11241100x80000000000000004021256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1b8ff4b22173ce2021-12-22 12:44:58.445root 11241100x80000000000000004021257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8034df676957c842021-12-22 12:44:58.445root 11241100x80000000000000004021258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525de47e5ab174972021-12-22 12:44:58.445root 11241100x80000000000000004021259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5ea629d48ddc032021-12-22 12:44:58.445root 11241100x80000000000000004021260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c3331b0831c5992021-12-22 12:44:58.445root 11241100x80000000000000004021261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5dce866c7a03ee2021-12-22 12:44:58.446root 11241100x80000000000000004021262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b720e19ce70f8c982021-12-22 12:44:58.446root 11241100x80000000000000004021263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d62400e49fd56a82021-12-22 12:44:58.446root 11241100x80000000000000004021264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b51294efe4280d02021-12-22 12:44:58.446root 11241100x80000000000000004021265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10616c5ea85e0ad52021-12-22 12:44:58.446root 11241100x80000000000000004021266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae69ba965801aeea2021-12-22 12:44:58.446root 11241100x80000000000000004021267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126693ddd987ebf02021-12-22 12:44:58.446root 11241100x80000000000000004021268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7431f37d59c1670f2021-12-22 12:44:58.446root 11241100x80000000000000004021269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b34602c25eaab322021-12-22 12:44:58.446root 11241100x80000000000000004021270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47a532b2b250fea2021-12-22 12:44:58.446root 11241100x80000000000000004021271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d782bc966c5856722021-12-22 12:44:58.447root 11241100x80000000000000004021272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638a9024af5113c22021-12-22 12:44:58.447root 11241100x80000000000000004021273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9719fc0ccda0ab872021-12-22 12:44:58.447root 11241100x80000000000000004021274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b96395eb35554e72021-12-22 12:44:58.447root 11241100x80000000000000004021275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1178693ae813b02d2021-12-22 12:44:58.447root 11241100x80000000000000004021276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb041ee3ac84fdb22021-12-22 12:44:58.447root 11241100x80000000000000004021277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb559582c3380882021-12-22 12:44:58.447root 11241100x80000000000000004021278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91e5a83427d4b802021-12-22 12:44:58.447root 11241100x80000000000000004021279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e83de621ce9a3f72021-12-22 12:44:58.447root 11241100x80000000000000004021280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d2cfc0bee564a62021-12-22 12:44:58.447root 11241100x80000000000000004021281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec19fc748c7a24a2021-12-22 12:44:58.447root 11241100x80000000000000004021282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0bdc37be98bacd2021-12-22 12:44:58.448root 11241100x80000000000000004021283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a3fcf5088206bd2021-12-22 12:44:58.448root 11241100x80000000000000004021284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423f56e68a28765d2021-12-22 12:44:58.448root 11241100x80000000000000004021285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4ca9baa82e36ce2021-12-22 12:44:58.448root 11241100x80000000000000004021286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d797432df0ef1742021-12-22 12:44:58.943root 11241100x80000000000000004021287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecc8a0f3caffb5e2021-12-22 12:44:58.943root 11241100x80000000000000004021288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98362205be9b0e1a2021-12-22 12:44:58.943root 11241100x80000000000000004021289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d81f6dbe5d72cdb2021-12-22 12:44:58.943root 11241100x80000000000000004021290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af0b4fbea51666d2021-12-22 12:44:58.943root 11241100x80000000000000004021291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bed17eb5784f5b2021-12-22 12:44:58.944root 11241100x80000000000000004021292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047e681eaa40a5722021-12-22 12:44:58.944root 11241100x80000000000000004021293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ba7427882f93782021-12-22 12:44:58.944root 11241100x80000000000000004021294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a167494b3426642021-12-22 12:44:58.944root 11241100x80000000000000004021295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d852fa1e916c1c2021-12-22 12:44:58.944root 11241100x80000000000000004021296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786e2cb85f1430b32021-12-22 12:44:58.944root 11241100x80000000000000004021297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dbd8d681d433902021-12-22 12:44:58.944root 11241100x80000000000000004021298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2234f58a35ae75c2021-12-22 12:44:58.944root 11241100x80000000000000004021299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9be6af3f3813e82021-12-22 12:44:58.944root 11241100x80000000000000004021300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d18f5061ef44442021-12-22 12:44:58.944root 11241100x80000000000000004021301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58335981561e4ea62021-12-22 12:44:58.944root 11241100x80000000000000004021302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4904fac00e23434d2021-12-22 12:44:58.944root 11241100x80000000000000004021303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce44fab374b7c3ce2021-12-22 12:44:58.944root 11241100x80000000000000004021304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93241fa04e54b9522021-12-22 12:44:58.944root 11241100x80000000000000004021305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0c78c0144822d72021-12-22 12:44:58.944root 11241100x80000000000000004021306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41eb63134eae1a952021-12-22 12:44:58.945root 11241100x80000000000000004021307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932bfca07ee48ce92021-12-22 12:44:58.945root 11241100x80000000000000004021308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1d4ac4a16327d92021-12-22 12:44:58.945root 11241100x80000000000000004021309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8276b29fed406062021-12-22 12:44:58.945root 11241100x80000000000000004021310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c518dfcc86e5bce62021-12-22 12:44:58.945root 11241100x80000000000000004021311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a49751b259ddb422021-12-22 12:44:58.945root 11241100x80000000000000004021312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb74fce6f7f7cabd2021-12-22 12:44:58.945root 11241100x80000000000000004021313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4f00b47ffa454b2021-12-22 12:44:58.945root 11241100x80000000000000004021314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0479e99386b089762021-12-22 12:44:58.945root 11241100x80000000000000004021315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732e4b1bd25285ca2021-12-22 12:44:58.945root 11241100x80000000000000004021316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98df4bd552cc80bf2021-12-22 12:44:58.945root 11241100x80000000000000004021317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b45f09c0ad61c92021-12-22 12:44:58.945root 11241100x80000000000000004021318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af17fc0da77538b2021-12-22 12:44:58.945root 11241100x80000000000000004021319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b555c9cefddc5a2021-12-22 12:44:58.945root 11241100x80000000000000004021320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e02302b75b622de2021-12-22 12:44:58.945root 11241100x80000000000000004021321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9494b5d85a3e62df2021-12-22 12:44:58.945root 11241100x80000000000000004021322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2068b9703b165b902021-12-22 12:44:58.946root 11241100x80000000000000004021323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea7389eac87cf922021-12-22 12:44:58.946root 11241100x80000000000000004021324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1614f462652f622021-12-22 12:44:58.946root 11241100x80000000000000004021325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b194333387638e62021-12-22 12:44:58.946root 11241100x80000000000000004021326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238bf2aeaa64ac862021-12-22 12:44:58.946root 11241100x80000000000000004021327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7829258adf02d52021-12-22 12:44:58.946root 11241100x80000000000000004021328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d864be60a5ae1d92021-12-22 12:44:58.946root 11241100x80000000000000004021329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653b7c9dad5c316b2021-12-22 12:44:58.946root 11241100x80000000000000004021330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69111eec205a1892021-12-22 12:44:58.946root 11241100x80000000000000004021331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4013da900e0ef1652021-12-22 12:44:59.443root 11241100x80000000000000004021332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7853d92b934b3a0b2021-12-22 12:44:59.443root 11241100x80000000000000004021333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e10c961c901b8e2021-12-22 12:44:59.443root 11241100x80000000000000004021334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7b49b53636dad52021-12-22 12:44:59.443root 11241100x80000000000000004021335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e99824d00ea5da2021-12-22 12:44:59.443root 11241100x80000000000000004021336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fe1b6c2f7fb98a2021-12-22 12:44:59.443root 11241100x80000000000000004021337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7ae98a768913ca2021-12-22 12:44:59.443root 11241100x80000000000000004021338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6ba5467a913d842021-12-22 12:44:59.444root 11241100x80000000000000004021339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fac98a67de01442021-12-22 12:44:59.444root 11241100x80000000000000004021340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8bb231110214232021-12-22 12:44:59.444root 11241100x80000000000000004021341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d961cc15ba4ffd2021-12-22 12:44:59.444root 11241100x80000000000000004021342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48f5be3ac2ce5cb2021-12-22 12:44:59.444root 11241100x80000000000000004021343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0433cb6120818b2021-12-22 12:44:59.444root 11241100x80000000000000004021344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f28cadc0a6acb922021-12-22 12:44:59.445root 11241100x80000000000000004021345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb62fc8c1ce004a42021-12-22 12:44:59.445root 11241100x80000000000000004021346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d477fb53011d8b72021-12-22 12:44:59.445root 11241100x80000000000000004021347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f161410add2ec732021-12-22 12:44:59.445root 11241100x80000000000000004021348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8849cf86f631cb4a2021-12-22 12:44:59.446root 11241100x80000000000000004021349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f43d0c1e30b978b2021-12-22 12:44:59.446root 11241100x80000000000000004021350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d3b9a7a904dba72021-12-22 12:44:59.446root 11241100x80000000000000004021351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ca66842078fe4e2021-12-22 12:44:59.446root 11241100x80000000000000004021352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d3e0ee940e84162021-12-22 12:44:59.446root 11241100x80000000000000004021353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7847f8626c6bf62021-12-22 12:44:59.447root 11241100x80000000000000004021354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628c3293ee2ee6fe2021-12-22 12:44:59.447root 11241100x80000000000000004021355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bd417a975845c32021-12-22 12:44:59.447root 11241100x80000000000000004021356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f38cd2701640b712021-12-22 12:44:59.448root 11241100x80000000000000004021357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5102bf7516dcd68f2021-12-22 12:44:59.448root 11241100x80000000000000004021358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250bca3304be75d02021-12-22 12:44:59.448root 11241100x80000000000000004021359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0460a00d67a2f6ba2021-12-22 12:44:59.448root 11241100x80000000000000004021360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1554223793657f702021-12-22 12:44:59.448root 11241100x80000000000000004021361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19fc014cdeca1a42021-12-22 12:44:59.449root 11241100x80000000000000004021362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42baae88e15d56e92021-12-22 12:44:59.449root 11241100x80000000000000004021363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160c909ca4ce610b2021-12-22 12:44:59.449root 11241100x80000000000000004021364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8008481b806777f2021-12-22 12:44:59.449root 11241100x80000000000000004021365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce14e8f150c4f1f2021-12-22 12:44:59.449root 11241100x80000000000000004021366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51ed34a14f568c52021-12-22 12:44:59.449root 11241100x80000000000000004021367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf2d985982d78a42021-12-22 12:44:59.449root 11241100x80000000000000004021368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7627ca2809c0e52021-12-22 12:44:59.449root 11241100x80000000000000004021369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43dd8fdbbe8d8c7a2021-12-22 12:44:59.450root 11241100x80000000000000004021370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1601faaacf033a5d2021-12-22 12:44:59.450root 11241100x80000000000000004021371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ab81d6343428a62021-12-22 12:44:59.450root 11241100x80000000000000004021372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba90aa09e4fe57be2021-12-22 12:44:59.450root 11241100x80000000000000004021373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43df8cd5781a62852021-12-22 12:44:59.450root 11241100x80000000000000004021374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e068adf91f246c2021-12-22 12:44:59.450root 11241100x80000000000000004021375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fc6a8a631ff9a72021-12-22 12:44:59.450root 11241100x80000000000000004021376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e884feb381b71962021-12-22 12:44:59.451root 11241100x80000000000000004021377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fbe3463c21d76c2021-12-22 12:44:59.451root 11241100x80000000000000004021378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa81ac07ee2be0762021-12-22 12:44:59.451root 11241100x80000000000000004021379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68336423c62cd772021-12-22 12:44:59.451root 11241100x80000000000000004021380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ca4e0017921a362021-12-22 12:44:59.451root 11241100x80000000000000004021381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5200cbd28f03ed2021-12-22 12:44:59.451root 11241100x80000000000000004021382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bae37cdf8d6294e2021-12-22 12:44:59.451root 11241100x80000000000000004021383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c86dcced57d1dc2021-12-22 12:44:59.451root 11241100x80000000000000004021384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b3508623ac30ce2021-12-22 12:44:59.451root 11241100x80000000000000004021385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbadc58be629b7c2021-12-22 12:44:59.452root 11241100x80000000000000004021386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f739691b77d4362021-12-22 12:44:59.943root 11241100x80000000000000004021387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65599ad1a6c87a162021-12-22 12:44:59.943root 11241100x80000000000000004021388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2972d03b1c5710e2021-12-22 12:44:59.943root 11241100x80000000000000004021389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c445d304308215152021-12-22 12:44:59.943root 11241100x80000000000000004021390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d10fbb7dd14c5c12021-12-22 12:44:59.944root 11241100x80000000000000004021391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698637b7666584562021-12-22 12:44:59.944root 11241100x80000000000000004021392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e255131b7b4ef9f2021-12-22 12:44:59.944root 11241100x80000000000000004021393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611b21eb4634b36d2021-12-22 12:44:59.944root 11241100x80000000000000004021394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a64b432106daa412021-12-22 12:44:59.944root 11241100x80000000000000004021395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1dd49b3887221de2021-12-22 12:44:59.944root 11241100x80000000000000004021396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f52aaa203da02ba2021-12-22 12:44:59.944root 11241100x80000000000000004021397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02d4e0ac2b84a532021-12-22 12:44:59.944root 11241100x80000000000000004021398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abd9fbb5dda39c82021-12-22 12:44:59.944root 11241100x80000000000000004021399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bf904f6beb3b7d2021-12-22 12:44:59.944root 11241100x80000000000000004021400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dfff1b3840ec302021-12-22 12:44:59.944root 11241100x80000000000000004021401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fba375d6660719f2021-12-22 12:44:59.944root 11241100x80000000000000004021402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8e5177470454f92021-12-22 12:44:59.944root 11241100x80000000000000004021403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf86f9edff572e62021-12-22 12:44:59.945root 11241100x80000000000000004021404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6765e3ff57a0d8fd2021-12-22 12:44:59.945root 11241100x80000000000000004021405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9cd1f38bdaf3622021-12-22 12:44:59.945root 11241100x80000000000000004021406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca286760de329562021-12-22 12:44:59.945root 11241100x80000000000000004021407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c361ccf2e411f92021-12-22 12:44:59.945root 11241100x80000000000000004021408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9878c2b1f2488aec2021-12-22 12:44:59.945root 11241100x80000000000000004021409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206c59dee0734e732021-12-22 12:44:59.945root 11241100x80000000000000004021410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0045efc498c650e32021-12-22 12:44:59.945root 11241100x80000000000000004021411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a50450600cc87f2021-12-22 12:44:59.945root 11241100x80000000000000004021412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ec0f5f89ff05f82021-12-22 12:44:59.946root 11241100x80000000000000004021413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807b279161ea7b242021-12-22 12:44:59.946root 11241100x80000000000000004021414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a2680487107e682021-12-22 12:44:59.946root 11241100x80000000000000004021415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9979d019937f042021-12-22 12:44:59.946root 11241100x80000000000000004021416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b194424d356b56132021-12-22 12:44:59.946root 11241100x80000000000000004021417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618e115308871a012021-12-22 12:44:59.946root 11241100x80000000000000004021418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373ae102a286c65a2021-12-22 12:44:59.946root 11241100x80000000000000004021419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2255b793c6272c3d2021-12-22 12:44:59.946root 11241100x80000000000000004021420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c9120451f1522f2021-12-22 12:44:59.947root 11241100x80000000000000004021421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ed32f4079e15592021-12-22 12:44:59.947root 11241100x80000000000000004021422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08efb8cf9c3be04d2021-12-22 12:44:59.947root 11241100x80000000000000004021423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c600bf80d7b6248f2021-12-22 12:44:59.947root 11241100x80000000000000004021424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3211be82302a722021-12-22 12:44:59.947root 11241100x80000000000000004021425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3f9ecaa09695012021-12-22 12:44:59.947root 11241100x80000000000000004021426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a41195042540c32021-12-22 12:44:59.947root 11241100x80000000000000004021427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf07f4c506f5a2f2021-12-22 12:44:59.948root 11241100x80000000000000004021428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01ac7330c8a5d302021-12-22 12:44:59.948root 11241100x80000000000000004021429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38ec275be48b0c72021-12-22 12:44:59.948root 11241100x80000000000000004021430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbfc3c8b6e112c12021-12-22 12:44:59.948root 11241100x80000000000000004021431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5806dca2330424ee2021-12-22 12:44:59.948root 11241100x80000000000000004021432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fedfebd8c4a8592021-12-22 12:44:59.948root 11241100x80000000000000004021433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a669acf46291edef2021-12-22 12:44:59.948root 11241100x80000000000000004021434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7750e7fb77b920b2021-12-22 12:44:59.948root 11241100x80000000000000004021435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01893d4118656bc2021-12-22 12:44:59.948root 11241100x80000000000000004021436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2e53e537e190dc2021-12-22 12:44:59.948root 11241100x80000000000000004021437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d57a1e2cac9df02021-12-22 12:44:59.949root 11241100x80000000000000004021438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f15f686de492dcc2021-12-22 12:44:59.949root 11241100x80000000000000004021439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88914fc2a4b5d1d2021-12-22 12:44:59.949root 11241100x80000000000000004021440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7bcc3d15e608f92021-12-22 12:44:59.949root 11241100x80000000000000004021441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208227fdc06bf3be2021-12-22 12:44:59.949root 11241100x80000000000000004021442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f612c72cbe3245ac2021-12-22 12:44:59.949root 11241100x80000000000000004021443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693dea559254118c2021-12-22 12:44:59.949root 11241100x80000000000000004021444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab9ce4ddb96f04e2021-12-22 12:44:59.949root 11241100x80000000000000004021445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d73fd93bc88b33c2021-12-22 12:44:59.949root 11241100x80000000000000004021446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:44:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdaa145c9f10bf22021-12-22 12:44:59.949root 11241100x80000000000000004021447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a35f788e52cb8e2021-12-22 12:45:00.443root 11241100x80000000000000004021448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f6c75509a8a13a2021-12-22 12:45:00.443root 11241100x80000000000000004021449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7b1068c90dac172021-12-22 12:45:00.443root 11241100x80000000000000004021450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906ca89c1a78c5e52021-12-22 12:45:00.444root 11241100x80000000000000004021451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656ff305184692c62021-12-22 12:45:00.444root 11241100x80000000000000004021452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01f5571f99541b72021-12-22 12:45:00.444root 11241100x80000000000000004021453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50c34ceda44491c2021-12-22 12:45:00.444root 11241100x80000000000000004021454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6256d4c77171703d2021-12-22 12:45:00.444root 11241100x80000000000000004021455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee4bbd122701bfd2021-12-22 12:45:00.444root 11241100x80000000000000004021456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9de9c376c8bb7202021-12-22 12:45:00.444root 11241100x80000000000000004021457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6315686e43c0c92021-12-22 12:45:00.444root 11241100x80000000000000004021458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48286ad2ef137c702021-12-22 12:45:00.445root 11241100x80000000000000004021459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dca9a09edb99a0a2021-12-22 12:45:00.445root 11241100x80000000000000004021460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1b297c5298a37c2021-12-22 12:45:00.445root 11241100x80000000000000004021461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecacfe8bfd3af1b12021-12-22 12:45:00.445root 11241100x80000000000000004021462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82840445401fd71b2021-12-22 12:45:00.445root 11241100x80000000000000004021463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3dda1bf85e9e3f2021-12-22 12:45:00.445root 11241100x80000000000000004021464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9000b80b0dcd856f2021-12-22 12:45:00.445root 11241100x80000000000000004021465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76eb527f94bf53f02021-12-22 12:45:00.445root 11241100x80000000000000004021466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7739ddb1b1449162021-12-22 12:45:00.446root 11241100x80000000000000004021467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634a95ac47715dde2021-12-22 12:45:00.446root 11241100x80000000000000004021468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f8684b0ec332412021-12-22 12:45:00.446root 11241100x80000000000000004021469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a87f1dcea9690f2021-12-22 12:45:00.446root 11241100x80000000000000004021470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938f6b6e66ca83582021-12-22 12:45:00.446root 11241100x80000000000000004021471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb9cd72551ed2d32021-12-22 12:45:00.446root 11241100x80000000000000004021472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244748c8ea7c5c692021-12-22 12:45:00.446root 11241100x80000000000000004021473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02010a05cf866c262021-12-22 12:45:00.447root 11241100x80000000000000004021474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fd581560bae8042021-12-22 12:45:00.447root 11241100x80000000000000004021475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f2b02aec5d3aaf2021-12-22 12:45:00.447root 11241100x80000000000000004021476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ad937d568c5dce2021-12-22 12:45:00.447root 11241100x80000000000000004021477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba3658a3a693f692021-12-22 12:45:00.447root 11241100x80000000000000004021478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8bf2b64b1b57b92021-12-22 12:45:00.447root 11241100x80000000000000004021479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c961fc0c70f1ee12021-12-22 12:45:00.447root 11241100x80000000000000004021480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544d562adab2a6812021-12-22 12:45:00.447root 11241100x80000000000000004021481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd9257d890d4db02021-12-22 12:45:00.447root 11241100x80000000000000004021482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c10de58a5a72d02021-12-22 12:45:00.448root 11241100x80000000000000004021483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5634236f2a390ca52021-12-22 12:45:00.448root 11241100x80000000000000004021484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e05171f4b557a32021-12-22 12:45:00.448root 11241100x80000000000000004021485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f4a376c2d201752021-12-22 12:45:00.449root 11241100x80000000000000004021486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d33833558bce872021-12-22 12:45:00.449root 11241100x80000000000000004021487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d61ec7520a047392021-12-22 12:45:00.449root 11241100x80000000000000004021488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925cd9c495106e112021-12-22 12:45:00.449root 11241100x80000000000000004021489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a358cea805a2ea2021-12-22 12:45:00.449root 11241100x80000000000000004021490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9144748eb87007c92021-12-22 12:45:00.449root 11241100x80000000000000004021491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894f195a4e9ca0992021-12-22 12:45:00.449root 11241100x80000000000000004021492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bb4f76b298600a2021-12-22 12:45:00.449root 11241100x80000000000000004021493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d351863995a1289c2021-12-22 12:45:00.943root 11241100x80000000000000004021494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88ef3f4b27299fd2021-12-22 12:45:00.943root 11241100x80000000000000004021495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0b3545d3bc289c2021-12-22 12:45:00.943root 11241100x80000000000000004021496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f16e3b68765f7422021-12-22 12:45:00.944root 11241100x80000000000000004021497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1867e9ae480677f42021-12-22 12:45:00.944root 11241100x80000000000000004021498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be43da9bbbe5e102021-12-22 12:45:00.944root 11241100x80000000000000004021499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791910496eab9edd2021-12-22 12:45:00.944root 11241100x80000000000000004021500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b82fd8fef47b712021-12-22 12:45:00.944root 11241100x80000000000000004021501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73be02f8d6d203eb2021-12-22 12:45:00.944root 11241100x80000000000000004021502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33825f59d27ce67f2021-12-22 12:45:00.944root 11241100x80000000000000004021503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea020bb089611352021-12-22 12:45:00.944root 11241100x80000000000000004021504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b50ae83dd7e50152021-12-22 12:45:00.944root 11241100x80000000000000004021505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d2597b962904eb2021-12-22 12:45:00.944root 11241100x80000000000000004021506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c034eafd3b53c8002021-12-22 12:45:00.944root 11241100x80000000000000004021507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c68ca90564840432021-12-22 12:45:00.945root 11241100x80000000000000004021508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2643bd1d5c1feee82021-12-22 12:45:00.945root 11241100x80000000000000004021509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e87c4fea01898f2021-12-22 12:45:00.945root 11241100x80000000000000004021510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707201b2a9ec456c2021-12-22 12:45:00.945root 11241100x80000000000000004021511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce2d29225cb324b2021-12-22 12:45:00.945root 11241100x80000000000000004021512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de231925241801bb2021-12-22 12:45:00.945root 11241100x80000000000000004021513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c88e5cfbacdf622021-12-22 12:45:00.945root 11241100x80000000000000004021514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33823ff5c2b120d2021-12-22 12:45:00.945root 11241100x80000000000000004021515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe28bad7dc1d33d2021-12-22 12:45:00.946root 11241100x80000000000000004021516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5fa596b145b1692021-12-22 12:45:00.946root 11241100x80000000000000004021517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f207bbf690defaf2021-12-22 12:45:00.946root 11241100x80000000000000004021518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d5fb7dd3fa410f2021-12-22 12:45:00.946root 11241100x80000000000000004021519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74c72e9dee615772021-12-22 12:45:00.946root 11241100x80000000000000004021520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b640d132fd98031a2021-12-22 12:45:00.946root 11241100x80000000000000004021521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c965eeb8cc1fd4be2021-12-22 12:45:00.946root 11241100x80000000000000004021522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c438f47d1d480b0f2021-12-22 12:45:00.946root 11241100x80000000000000004021523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445b3559059ad9632021-12-22 12:45:00.946root 11241100x80000000000000004021524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7113816fc463df2021-12-22 12:45:00.947root 11241100x80000000000000004021525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c327fcabfa51d9a82021-12-22 12:45:00.947root 11241100x80000000000000004021526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b4b9c18cce07692021-12-22 12:45:00.947root 11241100x80000000000000004021527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69834f42bb0ce262021-12-22 12:45:00.947root 11241100x80000000000000004021528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707e49065e218e752021-12-22 12:45:00.947root 11241100x80000000000000004021529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f946b79f728a7cb82021-12-22 12:45:00.947root 11241100x80000000000000004021530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f98b9656fd85f4b2021-12-22 12:45:00.947root 11241100x80000000000000004021531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f759e90580b91df32021-12-22 12:45:00.947root 11241100x80000000000000004021532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7804f9130e484e2b2021-12-22 12:45:00.948root 11241100x80000000000000004021533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fb19276d0fae9f2021-12-22 12:45:00.948root 11241100x80000000000000004021534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df83136dd3312ed12021-12-22 12:45:00.948root 11241100x80000000000000004021535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb445ad689122e62021-12-22 12:45:00.948root 11241100x80000000000000004021536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2c32d47ccbb9762021-12-22 12:45:00.948root 11241100x80000000000000004021537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa600e5f362aa8692021-12-22 12:45:00.948root 11241100x80000000000000004021538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69005b4bfa5789cb2021-12-22 12:45:00.948root 11241100x80000000000000004021539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d13a0fd38ff7192021-12-22 12:45:00.948root 11241100x80000000000000004021540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92b95abf9344fcb2021-12-22 12:45:00.948root 11241100x80000000000000004021541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d6dfc5049a5ec62021-12-22 12:45:00.948root 354300x80000000000000004021542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.063{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56852-false10.0.1.12-8000- 11241100x80000000000000004021543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b92e5a4e8efc4f2021-12-22 12:45:01.443root 11241100x80000000000000004021544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c9a26fb72ea2c32021-12-22 12:45:01.443root 11241100x80000000000000004021545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d29dba0e531ebac2021-12-22 12:45:01.443root 11241100x80000000000000004021546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3138e4a6a2a1f1312021-12-22 12:45:01.444root 11241100x80000000000000004021547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2a35ff5debeac62021-12-22 12:45:01.444root 11241100x80000000000000004021548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b2d1b5c8b7a4102021-12-22 12:45:01.444root 11241100x80000000000000004021549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc59325e4d7cff652021-12-22 12:45:01.444root 11241100x80000000000000004021550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a373826b0329eaa2021-12-22 12:45:01.444root 11241100x80000000000000004021551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8b8e24e9f5a24c2021-12-22 12:45:01.444root 11241100x80000000000000004021552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f312ba312c8669432021-12-22 12:45:01.444root 11241100x80000000000000004021553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d699562d8fda7d2021-12-22 12:45:01.444root 11241100x80000000000000004021554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ffc0a4792d95502021-12-22 12:45:01.445root 11241100x80000000000000004021555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4e06476fb145b72021-12-22 12:45:01.445root 11241100x80000000000000004021556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f22245a54dece72021-12-22 12:45:01.445root 11241100x80000000000000004021557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52699da1428955592021-12-22 12:45:01.445root 11241100x80000000000000004021558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654acfc84f5f3dfa2021-12-22 12:45:01.446root 11241100x80000000000000004021559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5c6a20e78657072021-12-22 12:45:01.446root 11241100x80000000000000004021560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b12bab875b277b2021-12-22 12:45:01.446root 11241100x80000000000000004021561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab60d993238080d62021-12-22 12:45:01.446root 11241100x80000000000000004021562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3b3fb9c6eb55d22021-12-22 12:45:01.446root 11241100x80000000000000004021563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0ba163744763892021-12-22 12:45:01.446root 11241100x80000000000000004021564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0063c0e658b1e0f2021-12-22 12:45:01.447root 11241100x80000000000000004021565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1065fd77b9355e972021-12-22 12:45:01.447root 11241100x80000000000000004021566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4097ecae432b569d2021-12-22 12:45:01.447root 11241100x80000000000000004021567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3b47e3b2ef67492021-12-22 12:45:01.447root 11241100x80000000000000004021568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf080edeaa85e082021-12-22 12:45:01.447root 11241100x80000000000000004021569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61cec550648b7d92021-12-22 12:45:01.447root 11241100x80000000000000004021570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1185e7f8d9470e2021-12-22 12:45:01.447root 11241100x80000000000000004021571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822a55481b914a8f2021-12-22 12:45:01.447root 11241100x80000000000000004021572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990bcb8dd0ae84342021-12-22 12:45:01.447root 11241100x80000000000000004021573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c528f81f6a4dc22021-12-22 12:45:01.447root 11241100x80000000000000004021574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d36cbff461ae9fd2021-12-22 12:45:01.447root 11241100x80000000000000004021575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03aad206f7b93d572021-12-22 12:45:01.448root 11241100x80000000000000004021576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91f7bb6c7924d952021-12-22 12:45:01.448root 11241100x80000000000000004021577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9292286094f0412021-12-22 12:45:01.449root 11241100x80000000000000004021578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7174ca6f65de99b12021-12-22 12:45:01.449root 11241100x80000000000000004021579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd60b174a2c8b5d02021-12-22 12:45:01.449root 11241100x80000000000000004021580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d231ff220465132021-12-22 12:45:01.449root 11241100x80000000000000004021581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbb50669f5ff1442021-12-22 12:45:01.449root 11241100x80000000000000004021582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31acd9e527885fc12021-12-22 12:45:01.449root 11241100x80000000000000004021583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9f5b904a36778a2021-12-22 12:45:01.449root 11241100x80000000000000004021584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3694d9d1ebd9c2d2021-12-22 12:45:01.449root 11241100x80000000000000004021585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973d70d516e9d7732021-12-22 12:45:01.450root 11241100x80000000000000004021586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4affd318b84300192021-12-22 12:45:01.450root 11241100x80000000000000004021587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df60bf80b75a1db92021-12-22 12:45:01.450root 11241100x80000000000000004021588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789592ae2a607f0a2021-12-22 12:45:01.451root 11241100x80000000000000004021589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42add33f598e1f7b2021-12-22 12:45:01.451root 11241100x80000000000000004021590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d81bf74e3e77672021-12-22 12:45:01.451root 11241100x80000000000000004021591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f4a5fc2524a6302021-12-22 12:45:01.451root 11241100x80000000000000004021592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712c8d3b5d464c472021-12-22 12:45:01.452root 11241100x80000000000000004021593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e41074cd00b70532021-12-22 12:45:01.452root 11241100x80000000000000004021594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ea7cff74ce26562021-12-22 12:45:01.452root 11241100x80000000000000004021595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd81d6e5b9c2d7c2021-12-22 12:45:01.453root 11241100x80000000000000004021596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9606d2b6b0c6f7c72021-12-22 12:45:01.462root 11241100x80000000000000004021597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a9b35098cb742f2021-12-22 12:45:01.463root 11241100x80000000000000004021598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61676e19970cbf242021-12-22 12:45:01.463root 11241100x80000000000000004021599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b986206ca21911e62021-12-22 12:45:01.943root 11241100x80000000000000004021600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5878d2a7e56bf712021-12-22 12:45:01.943root 11241100x80000000000000004021601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9c0f5737a4474c2021-12-22 12:45:01.943root 11241100x80000000000000004021602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89951da351ef383d2021-12-22 12:45:01.943root 11241100x80000000000000004021603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71105df7161e48842021-12-22 12:45:01.943root 11241100x80000000000000004021604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0beb1b736427bb5e2021-12-22 12:45:01.943root 11241100x80000000000000004021605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142dfcc068def2b62021-12-22 12:45:01.944root 11241100x80000000000000004021606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c75b1b9621c6f02021-12-22 12:45:01.944root 11241100x80000000000000004021607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53dbf1dbb1ed61102021-12-22 12:45:01.944root 11241100x80000000000000004021608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10673ef75294cc22021-12-22 12:45:01.944root 11241100x80000000000000004021609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2171a2cf19a4bc452021-12-22 12:45:01.944root 11241100x80000000000000004021610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debb3e20b8774a1e2021-12-22 12:45:01.944root 11241100x80000000000000004021611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73283d6e29d86872021-12-22 12:45:01.944root 11241100x80000000000000004021612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc097a88740c6532021-12-22 12:45:01.944root 11241100x80000000000000004021613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba36b96281f89f42021-12-22 12:45:01.944root 11241100x80000000000000004021614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6d31ba631c3ac92021-12-22 12:45:01.944root 11241100x80000000000000004021615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d794e6f0251d46212021-12-22 12:45:01.944root 11241100x80000000000000004021616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0f6b4c5722a2862021-12-22 12:45:01.945root 11241100x80000000000000004021617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c1621c755a40d22021-12-22 12:45:01.945root 11241100x80000000000000004021618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289e42ba152f07c32021-12-22 12:45:01.945root 11241100x80000000000000004021619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2930e24780e97d782021-12-22 12:45:01.945root 11241100x80000000000000004021620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b31bb95b053fc22021-12-22 12:45:01.945root 11241100x80000000000000004021621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85e9bf24fcea0e22021-12-22 12:45:01.945root 11241100x80000000000000004021622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f88e1b7b1695972021-12-22 12:45:01.945root 11241100x80000000000000004021623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf606315e51b8a902021-12-22 12:45:01.945root 11241100x80000000000000004021624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6de244a0028f1a52021-12-22 12:45:01.945root 11241100x80000000000000004021625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89b9d378cfb144e2021-12-22 12:45:01.945root 11241100x80000000000000004021626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6068001a302935ea2021-12-22 12:45:01.945root 11241100x80000000000000004021627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b83bd37cf2313952021-12-22 12:45:01.946root 11241100x80000000000000004021628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5825dbd17690b5502021-12-22 12:45:01.946root 11241100x80000000000000004021629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e9ed8a13722a6d2021-12-22 12:45:01.946root 11241100x80000000000000004021630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da6bf8472dde4502021-12-22 12:45:01.946root 11241100x80000000000000004021631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d5b138471404992021-12-22 12:45:01.946root 11241100x80000000000000004021632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f954522b22c51b82021-12-22 12:45:01.946root 11241100x80000000000000004021633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9a3982299f4f1e2021-12-22 12:45:01.946root 11241100x80000000000000004021634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214cfbc66b8b28552021-12-22 12:45:01.946root 11241100x80000000000000004021635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bee7af8c861b0b82021-12-22 12:45:01.946root 11241100x80000000000000004021636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43d2a0f47a9bb982021-12-22 12:45:01.946root 11241100x80000000000000004021637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c162420488018a232021-12-22 12:45:01.946root 11241100x80000000000000004021638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb76e2abf68c9e732021-12-22 12:45:01.947root 11241100x80000000000000004021639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8759a91de2be9b142021-12-22 12:45:01.947root 11241100x80000000000000004021640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fcecc1a04fd7532021-12-22 12:45:01.947root 11241100x80000000000000004021641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5327dc44ee70f92021-12-22 12:45:01.947root 11241100x80000000000000004021642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a84fb79d71cca82021-12-22 12:45:01.947root 11241100x80000000000000004021643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebb95548541780f2021-12-22 12:45:01.947root 11241100x80000000000000004021644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09de9cb4f5fe56952021-12-22 12:45:01.947root 11241100x80000000000000004021645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42a3ea9276779542021-12-22 12:45:01.947root 11241100x80000000000000004021646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f73cd9a1abdf0752021-12-22 12:45:01.947root 11241100x80000000000000004021647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5547cf9c1acf3d112021-12-22 12:45:01.947root 11241100x80000000000000004021648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b41dfb06c1242722021-12-22 12:45:01.948root 11241100x80000000000000004021649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65937e84281ff6d2021-12-22 12:45:01.948root 11241100x80000000000000004021650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3123a20532508e692021-12-22 12:45:01.948root 11241100x80000000000000004021651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8bf789b34750d22021-12-22 12:45:01.948root 11241100x80000000000000004021652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a143f9ee80d7b0f2021-12-22 12:45:01.948root 11241100x80000000000000004021653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b9c1dadc0f9e532021-12-22 12:45:01.948root 11241100x80000000000000004021654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1b6b61be44ee742021-12-22 12:45:01.948root 11241100x80000000000000004021655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc98397953876602021-12-22 12:45:01.948root 11241100x80000000000000004021656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1ce2ceaca1738c2021-12-22 12:45:01.948root 11241100x80000000000000004021657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846cae892466fc492021-12-22 12:45:01.948root 11241100x80000000000000004021658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed900a373d2870a2021-12-22 12:45:01.948root 11241100x80000000000000004021659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cf464b7c97ff512021-12-22 12:45:01.949root 11241100x80000000000000004021660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2fc265bfcc48cf2021-12-22 12:45:01.949root 11241100x80000000000000004021661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cefad1cb8191112021-12-22 12:45:01.949root 11241100x80000000000000004021662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28469375dde350ed2021-12-22 12:45:01.949root 11241100x80000000000000004021663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b1fcc0058d5b6c2021-12-22 12:45:01.949root 11241100x80000000000000004021664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71f1a1898119e962021-12-22 12:45:01.949root 11241100x80000000000000004021665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80e9915d67f7f7b2021-12-22 12:45:01.951root 11241100x80000000000000004021666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985d6f0813414a552021-12-22 12:45:01.951root 11241100x80000000000000004021667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906324ea853ae4112021-12-22 12:45:01.952root 11241100x80000000000000004021668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db899af0f47761332021-12-22 12:45:01.952root 11241100x80000000000000004021669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9558e8854ee4c0762021-12-22 12:45:01.952root 11241100x80000000000000004021670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2200fd1ab7b8a92021-12-22 12:45:01.952root 11241100x80000000000000004021671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c037a3f886b0892021-12-22 12:45:01.953root 11241100x80000000000000004021672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0301f42859eceee32021-12-22 12:45:01.953root 11241100x80000000000000004021673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756e336ad42bcea72021-12-22 12:45:01.954root 11241100x80000000000000004021674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8188e158e308b6982021-12-22 12:45:01.954root 11241100x80000000000000004021675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08793ef834e46012021-12-22 12:45:01.954root 11241100x80000000000000004021676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d56550e455b8602021-12-22 12:45:01.954root 11241100x80000000000000004021677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33413a44f077302a2021-12-22 12:45:01.954root 11241100x80000000000000004021678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fed357a497dc19c2021-12-22 12:45:01.954root 11241100x80000000000000004021679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1796a5f8215476982021-12-22 12:45:01.954root 11241100x80000000000000004021680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139fc1453ad8de732021-12-22 12:45:01.954root 11241100x80000000000000004021681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5085ef418adce372021-12-22 12:45:01.954root 11241100x80000000000000004021682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02f746683e2fea32021-12-22 12:45:01.955root 11241100x80000000000000004021683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1064b0f4ac15654a2021-12-22 12:45:01.955root 11241100x80000000000000004021684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eeedfe89008d3bf2021-12-22 12:45:01.955root 11241100x80000000000000004021685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9725c83c442b05012021-12-22 12:45:01.955root 11241100x80000000000000004021686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a149b462500fc12021-12-22 12:45:01.956root 11241100x80000000000000004021687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362c38abd83eaaee2021-12-22 12:45:01.956root 11241100x80000000000000004021688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641f8d0aa62f37ae2021-12-22 12:45:01.956root 11241100x80000000000000004021689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2443aacaae7e1622021-12-22 12:45:01.956root 11241100x80000000000000004021690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b483aaf69aa84f2021-12-22 12:45:01.956root 11241100x80000000000000004021691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3374d805d0442e322021-12-22 12:45:01.957root 11241100x80000000000000004021692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:01.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d73aadb77fcafd62021-12-22 12:45:01.957root 11241100x80000000000000004021693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060c9dd153fabb252021-12-22 12:45:02.443root 11241100x80000000000000004021694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6c81c7d681e2142021-12-22 12:45:02.443root 11241100x80000000000000004021695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da9ec3be02302df2021-12-22 12:45:02.443root 11241100x80000000000000004021696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0339e59052b9882021-12-22 12:45:02.443root 11241100x80000000000000004021697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2012558a251989fb2021-12-22 12:45:02.444root 11241100x80000000000000004021698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35166e32320c45d62021-12-22 12:45:02.444root 11241100x80000000000000004021699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eaa58c85d8739cc2021-12-22 12:45:02.444root 11241100x80000000000000004021700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034ea720a39287c22021-12-22 12:45:02.444root 11241100x80000000000000004021701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62450fe80f7627b92021-12-22 12:45:02.444root 11241100x80000000000000004021702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f917524dc98d2e2021-12-22 12:45:02.444root 11241100x80000000000000004021703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c007fb1929d233d62021-12-22 12:45:02.444root 11241100x80000000000000004021704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f0244342d282142021-12-22 12:45:02.444root 11241100x80000000000000004021705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926a0768e0956c422021-12-22 12:45:02.444root 11241100x80000000000000004021706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f70a8410f3737602021-12-22 12:45:02.444root 11241100x80000000000000004021707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23cfb23d4f9ed672021-12-22 12:45:02.444root 11241100x80000000000000004021708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed896e7d91a05de62021-12-22 12:45:02.444root 11241100x80000000000000004021709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976b3740c8ae0dd22021-12-22 12:45:02.444root 11241100x80000000000000004021710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b339928beeca8c9b2021-12-22 12:45:02.444root 11241100x80000000000000004021711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc3966a37d113612021-12-22 12:45:02.444root 11241100x80000000000000004021712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828c3681182a35652021-12-22 12:45:02.444root 11241100x80000000000000004021713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b266c699d8f46c062021-12-22 12:45:02.445root 11241100x80000000000000004021714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811bea2eb560cb242021-12-22 12:45:02.445root 11241100x80000000000000004021715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1732ccfe6c0deeae2021-12-22 12:45:02.445root 11241100x80000000000000004021716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04e99f7671b0fd72021-12-22 12:45:02.445root 11241100x80000000000000004021717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03aa48754c77bff42021-12-22 12:45:02.445root 11241100x80000000000000004021718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fd8ced5b7360082021-12-22 12:45:02.445root 11241100x80000000000000004021719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870d9fe73a4630712021-12-22 12:45:02.446root 11241100x80000000000000004021720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d423ee8230a849922021-12-22 12:45:02.446root 11241100x80000000000000004021721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ce1cda4f0f584c2021-12-22 12:45:02.446root 11241100x80000000000000004021722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7f607d0bfeb01d2021-12-22 12:45:02.446root 11241100x80000000000000004021723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5954e5dfff929d2021-12-22 12:45:02.446root 11241100x80000000000000004021724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69947673aef9b2f2021-12-22 12:45:02.446root 11241100x80000000000000004021725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520e03b2e06825132021-12-22 12:45:02.446root 11241100x80000000000000004021726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06735bd450341452021-12-22 12:45:02.446root 11241100x80000000000000004021727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e93ac3869906cde2021-12-22 12:45:02.446root 11241100x80000000000000004021728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e065fcd3eac06512021-12-22 12:45:02.446root 11241100x80000000000000004021729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69149145ddd966d2021-12-22 12:45:02.446root 11241100x80000000000000004021730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc58b76a8f711dd2021-12-22 12:45:02.446root 11241100x80000000000000004021731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f83bed009ba1772021-12-22 12:45:02.446root 11241100x80000000000000004021732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54492c7bd8433f802021-12-22 12:45:02.446root 11241100x80000000000000004021733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4156faf4108389b2021-12-22 12:45:02.447root 11241100x80000000000000004021734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8989058e975a4af2021-12-22 12:45:02.447root 11241100x80000000000000004021735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9553b22dd0f6ee72021-12-22 12:45:02.447root 11241100x80000000000000004021736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a666a75150c6052021-12-22 12:45:02.447root 11241100x80000000000000004021737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af439b99308d62912021-12-22 12:45:02.447root 11241100x80000000000000004021738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9911e903b1dbd2e2021-12-22 12:45:02.447root 11241100x80000000000000004021739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e3d6d50bf0d2322021-12-22 12:45:02.447root 11241100x80000000000000004021740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f835de630c8287b2021-12-22 12:45:02.447root 11241100x80000000000000004021741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ed2c4b73326ac02021-12-22 12:45:02.447root 11241100x80000000000000004021742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb16aab1f66fb14b2021-12-22 12:45:02.447root 11241100x80000000000000004021743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70617a8b4714a3312021-12-22 12:45:02.447root 11241100x80000000000000004021744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9091833b805daa362021-12-22 12:45:02.448root 11241100x80000000000000004021745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2b945f4d1b512c2021-12-22 12:45:02.448root 11241100x80000000000000004021746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588d68ee9b3e11a12021-12-22 12:45:02.448root 11241100x80000000000000004021747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafe2167a2d86a042021-12-22 12:45:02.448root 11241100x80000000000000004021748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb1c41de7e526722021-12-22 12:45:02.448root 11241100x80000000000000004021749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eff786a758fd7c72021-12-22 12:45:02.448root 11241100x80000000000000004021750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbf51a33999d95f2021-12-22 12:45:02.448root 11241100x80000000000000004021751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c4cbdf102e42ad2021-12-22 12:45:02.448root 11241100x80000000000000004021752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f7e06e1699d9ad2021-12-22 12:45:02.448root 11241100x80000000000000004021753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea40f63aaeff9b82021-12-22 12:45:02.448root 11241100x80000000000000004021754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc94833b6e7b08ec2021-12-22 12:45:02.448root 11241100x80000000000000004021755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff53c0af802137ff2021-12-22 12:45:02.449root 11241100x80000000000000004021756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328b7d2ca7d8021a2021-12-22 12:45:02.449root 11241100x80000000000000004021757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6582e4a4dbf238202021-12-22 12:45:02.449root 11241100x80000000000000004021758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6027e35a66bc25b2021-12-22 12:45:02.449root 11241100x80000000000000004021759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b17a3831b0c21d32021-12-22 12:45:02.449root 11241100x80000000000000004021760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1db3d9b60588a3c2021-12-22 12:45:02.449root 11241100x80000000000000004021761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bec7e9507e3a492021-12-22 12:45:02.449root 11241100x80000000000000004021762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d47dcab00b2b242021-12-22 12:45:02.449root 11241100x80000000000000004021763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c449c7d69fba45a2021-12-22 12:45:02.449root 11241100x80000000000000004021764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60715444c24251772021-12-22 12:45:02.449root 11241100x80000000000000004021765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d760632333253e802021-12-22 12:45:02.449root 11241100x80000000000000004021766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a219aa0685e5aca92021-12-22 12:45:02.450root 11241100x80000000000000004021767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3619b65e35615152021-12-22 12:45:02.450root 11241100x80000000000000004021768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fba764bcf887c302021-12-22 12:45:02.450root 11241100x80000000000000004021769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f81d6fea11f9212021-12-22 12:45:02.450root 11241100x80000000000000004021770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2db2e30b86e8ee2021-12-22 12:45:02.450root 11241100x80000000000000004021771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cdcc419b7142fa2021-12-22 12:45:02.450root 11241100x80000000000000004021772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381dfd436cc7c9632021-12-22 12:45:02.450root 11241100x80000000000000004021773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf9170827038c932021-12-22 12:45:02.450root 11241100x80000000000000004021774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962f278afddb57f82021-12-22 12:45:02.450root 11241100x80000000000000004021775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ca1e0b03ec899b2021-12-22 12:45:02.450root 11241100x80000000000000004021776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23cb61539ba3c8092021-12-22 12:45:02.450root 11241100x80000000000000004021777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf5daff589855cf2021-12-22 12:45:02.450root 11241100x80000000000000004021778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4405afc0c03e7402021-12-22 12:45:02.943root 11241100x80000000000000004021779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd13cd69579975202021-12-22 12:45:02.944root 11241100x80000000000000004021780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d4230b9f9a487e2021-12-22 12:45:02.944root 11241100x80000000000000004021781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032ff1b2511e34362021-12-22 12:45:02.944root 11241100x80000000000000004021782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274c98c43c5f36982021-12-22 12:45:02.944root 11241100x80000000000000004021783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93aedbce48584442021-12-22 12:45:02.944root 11241100x80000000000000004021784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6471e7f85712710c2021-12-22 12:45:02.945root 11241100x80000000000000004021785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8fe4154dd207142021-12-22 12:45:02.945root 11241100x80000000000000004021786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a968d806ef6acc2021-12-22 12:45:02.945root 11241100x80000000000000004021787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601fc9e046c06d582021-12-22 12:45:02.945root 11241100x80000000000000004021788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9596170db2f8b72021-12-22 12:45:02.946root 11241100x80000000000000004021789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401235097147dcb12021-12-22 12:45:02.946root 11241100x80000000000000004021790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9517d7057fd4efd22021-12-22 12:45:02.946root 11241100x80000000000000004021791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4656900d0eac66e2021-12-22 12:45:02.946root 11241100x80000000000000004021792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899ce6753f5398ae2021-12-22 12:45:02.946root 11241100x80000000000000004021793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42bc45f361e3251c2021-12-22 12:45:02.947root 11241100x80000000000000004021794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af58a671818da802021-12-22 12:45:02.947root 11241100x80000000000000004021795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687171a2aa7473e92021-12-22 12:45:02.947root 11241100x80000000000000004021796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f5a3e7b4ee18b42021-12-22 12:45:02.947root 11241100x80000000000000004021797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21171cc6a6cbe9ec2021-12-22 12:45:02.947root 11241100x80000000000000004021798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb82784a00247e02021-12-22 12:45:02.947root 11241100x80000000000000004021799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b31a1aab3a4c3e72021-12-22 12:45:02.947root 11241100x80000000000000004021800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b14043ec27b45a2021-12-22 12:45:02.948root 11241100x80000000000000004021801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb32292f3268960b2021-12-22 12:45:02.948root 11241100x80000000000000004021802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f23b73f5b235bfc2021-12-22 12:45:02.948root 11241100x80000000000000004021803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931ced8365abbd142021-12-22 12:45:02.948root 11241100x80000000000000004021804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b478ae79d2673f2021-12-22 12:45:02.948root 11241100x80000000000000004021805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240f96441f8fe6ea2021-12-22 12:45:02.948root 11241100x80000000000000004021806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5f424ab029724c2021-12-22 12:45:02.948root 11241100x80000000000000004021807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078ba71b8b3ab21e2021-12-22 12:45:02.948root 11241100x80000000000000004021808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea395809b58bbb142021-12-22 12:45:02.948root 11241100x80000000000000004021809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d636b2b8b91fae562021-12-22 12:45:02.949root 11241100x80000000000000004021810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4547b7d8c1fd5d52021-12-22 12:45:02.949root 11241100x80000000000000004021811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9fad1968796bfa2021-12-22 12:45:02.949root 11241100x80000000000000004021812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d980d61bd947be2021-12-22 12:45:02.949root 11241100x80000000000000004021813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40403a0c46f91cb72021-12-22 12:45:02.949root 11241100x80000000000000004021814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b79eb4759c2f6112021-12-22 12:45:02.949root 11241100x80000000000000004021815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2468eca7c546fc682021-12-22 12:45:02.949root 11241100x80000000000000004021816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1631b00eeb6eacb2021-12-22 12:45:02.950root 11241100x80000000000000004021817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141d1ee7afa9927e2021-12-22 12:45:02.950root 11241100x80000000000000004021818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd1a094d5b16b6c2021-12-22 12:45:02.950root 11241100x80000000000000004021819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdc53651c086a162021-12-22 12:45:02.950root 11241100x80000000000000004021820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784ce3bb5850b3b22021-12-22 12:45:02.950root 11241100x80000000000000004021821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5e3183857ca08e2021-12-22 12:45:02.950root 11241100x80000000000000004021822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a730bab416a88c482021-12-22 12:45:02.950root 11241100x80000000000000004021823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bb37e882dc6d8c2021-12-22 12:45:02.950root 11241100x80000000000000004021824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053692131a4ae4862021-12-22 12:45:02.951root 11241100x80000000000000004021825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ca789a346921702021-12-22 12:45:02.951root 11241100x80000000000000004021826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a208b207ec8f9e2021-12-22 12:45:02.951root 11241100x80000000000000004021827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1127b4bf28f9f52021-12-22 12:45:02.951root 11241100x80000000000000004021828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea27f5b63d792ffd2021-12-22 12:45:02.951root 11241100x80000000000000004021829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137eaf6dc127b6db2021-12-22 12:45:02.951root 11241100x80000000000000004021830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5cadf84664b3992021-12-22 12:45:02.951root 11241100x80000000000000004021831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0448b4a806b2ef2021-12-22 12:45:02.951root 11241100x80000000000000004021832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:02.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ada49c5b86d4192021-12-22 12:45:02.951root 11241100x80000000000000004021833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.124{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 12:45:03.124root 11241100x80000000000000004021834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74bcd25b21675fe2021-12-22 12:45:03.444root 11241100x80000000000000004021835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d79e9aacc85e6c2021-12-22 12:45:03.444root 11241100x80000000000000004021836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40448e1f7787a7e2021-12-22 12:45:03.444root 11241100x80000000000000004021837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9b45eda8597a6e2021-12-22 12:45:03.444root 11241100x80000000000000004021838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3112e89a4ebbf5702021-12-22 12:45:03.444root 11241100x80000000000000004021839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7530b6fbef4a84032021-12-22 12:45:03.444root 11241100x80000000000000004021840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b1b7582f683e9a2021-12-22 12:45:03.444root 11241100x80000000000000004021841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba710d4acd4965d32021-12-22 12:45:03.444root 11241100x80000000000000004021842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9756608328b0ecbb2021-12-22 12:45:03.445root 11241100x80000000000000004021843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2cbbcf29d9303d2021-12-22 12:45:03.445root 11241100x80000000000000004021844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12788bd582e76162021-12-22 12:45:03.445root 11241100x80000000000000004021845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae3a85a8607b4d12021-12-22 12:45:03.445root 11241100x80000000000000004021846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f5701f1df163a52021-12-22 12:45:03.445root 11241100x80000000000000004021847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0269d247eba879c52021-12-22 12:45:03.445root 11241100x80000000000000004021848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22303a84b56d08d52021-12-22 12:45:03.445root 11241100x80000000000000004021849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0cc24b7c67cddc2021-12-22 12:45:03.445root 11241100x80000000000000004021850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4684a411e0206f2021-12-22 12:45:03.445root 11241100x80000000000000004021851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc8236aecc8e3ae2021-12-22 12:45:03.445root 11241100x80000000000000004021852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f54145e30e1e7d32021-12-22 12:45:03.446root 11241100x80000000000000004021853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14d75385973c5b62021-12-22 12:45:03.446root 11241100x80000000000000004021854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c7f3bcc7d3ff2f2021-12-22 12:45:03.446root 11241100x80000000000000004021855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb2fda7c890d2fa2021-12-22 12:45:03.446root 11241100x80000000000000004021856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f482b06a229cd232021-12-22 12:45:03.446root 11241100x80000000000000004021857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c7e52e1d9d82842021-12-22 12:45:03.446root 11241100x80000000000000004021858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e50a1db218add62021-12-22 12:45:03.446root 11241100x80000000000000004021859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfd8c315bffc5d72021-12-22 12:45:03.447root 11241100x80000000000000004021860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12446db6a27f0aa2021-12-22 12:45:03.447root 11241100x80000000000000004021861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188d13920e77275d2021-12-22 12:45:03.447root 11241100x80000000000000004021862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21223696d9ad0ca2021-12-22 12:45:03.447root 11241100x80000000000000004021863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c97268e0159f662021-12-22 12:45:03.448root 11241100x80000000000000004021864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a82f4b2c16221f2021-12-22 12:45:03.448root 11241100x80000000000000004021865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f94781ae40845172021-12-22 12:45:03.448root 11241100x80000000000000004021866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2366e0903bdb457d2021-12-22 12:45:03.448root 11241100x80000000000000004021867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93296c787aeca6092021-12-22 12:45:03.448root 11241100x80000000000000004021868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea43c6e9d1317d72021-12-22 12:45:03.448root 11241100x80000000000000004021869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d8bb198cbfd8812021-12-22 12:45:03.448root 11241100x80000000000000004021870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02625af0fb97119c2021-12-22 12:45:03.448root 11241100x80000000000000004021871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560bd2fde49ce7b32021-12-22 12:45:03.448root 11241100x80000000000000004021872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489122d0397e7a512021-12-22 12:45:03.448root 11241100x80000000000000004021873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9117a27f6959592021-12-22 12:45:03.448root 11241100x80000000000000004021874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebbbbf777f335b52021-12-22 12:45:03.449root 11241100x80000000000000004021875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1a51b968e1449b2021-12-22 12:45:03.449root 11241100x80000000000000004021876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6f299c1170a9182021-12-22 12:45:03.449root 11241100x80000000000000004021877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192d23b11deb90532021-12-22 12:45:03.450root 11241100x80000000000000004021878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2282ded5a097d2102021-12-22 12:45:03.450root 11241100x80000000000000004021879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90353a240839bb802021-12-22 12:45:03.450root 11241100x80000000000000004021880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9470cee4d5a512882021-12-22 12:45:03.450root 11241100x80000000000000004021881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4eee8f57b4d5e42021-12-22 12:45:03.943root 11241100x80000000000000004021882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e081277a5a07392021-12-22 12:45:03.943root 11241100x80000000000000004021883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aded94c7a4d633632021-12-22 12:45:03.943root 11241100x80000000000000004021884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e7e870f2d513972021-12-22 12:45:03.943root 11241100x80000000000000004021885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c7902ee674ac4d2021-12-22 12:45:03.944root 11241100x80000000000000004021886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb67ceee44a41972021-12-22 12:45:03.944root 11241100x80000000000000004021887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0725f41fd72cc85e2021-12-22 12:45:03.944root 11241100x80000000000000004021888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba0a6ebc3e0fa1c2021-12-22 12:45:03.944root 11241100x80000000000000004021889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7247410f0c884c9d2021-12-22 12:45:03.944root 11241100x80000000000000004021890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af42263d144c7ba2021-12-22 12:45:03.944root 11241100x80000000000000004021891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3316a198fde5f92021-12-22 12:45:03.944root 11241100x80000000000000004021892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dd6eda0a57f47c2021-12-22 12:45:03.944root 11241100x80000000000000004021893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6124b215e9448702021-12-22 12:45:03.944root 11241100x80000000000000004021894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f891d1ea8e719be2021-12-22 12:45:03.944root 11241100x80000000000000004021895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c4c0a50624c7fb2021-12-22 12:45:03.944root 11241100x80000000000000004021896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29fcf0c625318d62021-12-22 12:45:03.944root 11241100x80000000000000004021897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d484db0dcc183132021-12-22 12:45:03.944root 11241100x80000000000000004021898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb50af61941c21b2021-12-22 12:45:03.944root 11241100x80000000000000004021899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ba8dd879235f052021-12-22 12:45:03.944root 11241100x80000000000000004021900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bd83e70e7bc1fe2021-12-22 12:45:03.944root 11241100x80000000000000004021901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7861d012e52ac1ab2021-12-22 12:45:03.944root 11241100x80000000000000004021902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9ab207ce4fcf6c2021-12-22 12:45:03.945root 11241100x80000000000000004021903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccb10810ed9698c2021-12-22 12:45:03.945root 11241100x80000000000000004021904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6e01ca0c4d587f2021-12-22 12:45:03.945root 11241100x80000000000000004021905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3975fb0afc6b615b2021-12-22 12:45:03.945root 11241100x80000000000000004021906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97102eaf57fa5f42021-12-22 12:45:03.945root 11241100x80000000000000004021907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15953c06c21f80f82021-12-22 12:45:03.945root 11241100x80000000000000004021908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2523f64a59d7202021-12-22 12:45:03.945root 11241100x80000000000000004021909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af97bdddee5a1ad52021-12-22 12:45:03.945root 11241100x80000000000000004021910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31d2d3f4dbde52e2021-12-22 12:45:03.945root 11241100x80000000000000004021911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a829351d687db59f2021-12-22 12:45:03.945root 11241100x80000000000000004021912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c033044ac4b5d7e2021-12-22 12:45:03.945root 11241100x80000000000000004021913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5582759d08ff25472021-12-22 12:45:03.945root 11241100x80000000000000004021914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016071451fe8d2fd2021-12-22 12:45:03.946root 11241100x80000000000000004021915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3109d985e138382021-12-22 12:45:03.946root 11241100x80000000000000004021916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255f9e37d0949c302021-12-22 12:45:03.946root 11241100x80000000000000004021917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f50e9309f695e932021-12-22 12:45:03.946root 11241100x80000000000000004021918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bfaa5de33083d62021-12-22 12:45:03.946root 11241100x80000000000000004021919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd45cefc37939b12021-12-22 12:45:03.947root 11241100x80000000000000004021920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ca2e127fc4e4f62021-12-22 12:45:03.947root 11241100x80000000000000004021921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbcce37e2543cfa2021-12-22 12:45:03.947root 11241100x80000000000000004021922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b86a674ffea0a592021-12-22 12:45:03.947root 11241100x80000000000000004021923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba9c116cd83fc572021-12-22 12:45:03.947root 11241100x80000000000000004021924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8f7d48e7cd55dc2021-12-22 12:45:03.947root 11241100x80000000000000004021925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4606a6dec0f57aa72021-12-22 12:45:03.947root 11241100x80000000000000004021926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cdd17e0e684a7d2021-12-22 12:45:03.947root 11241100x80000000000000004021927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de9aed9500bdba32021-12-22 12:45:03.947root 11241100x80000000000000004021928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c703ac254552a912021-12-22 12:45:03.947root 11241100x80000000000000004021929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ee8e223bea09882021-12-22 12:45:03.948root 11241100x80000000000000004021930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a88da1c6dc555762021-12-22 12:45:03.948root 11241100x80000000000000004021931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d10aef660e58e52021-12-22 12:45:03.948root 11241100x80000000000000004021932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83af33558b53b4792021-12-22 12:45:03.948root 11241100x80000000000000004021933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a919931629ff2ad92021-12-22 12:45:03.948root 11241100x80000000000000004021934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742a0e2a740ae5ab2021-12-22 12:45:03.948root 11241100x80000000000000004021935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c7f3385a102d8c2021-12-22 12:45:03.948root 11241100x80000000000000004021936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdc268ea9a4c8f32021-12-22 12:45:03.948root 11241100x80000000000000004021937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23569ce0ad3ecbd2021-12-22 12:45:03.948root 11241100x80000000000000004021938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25da705b4f331a62021-12-22 12:45:03.948root 11241100x80000000000000004021939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86dc5033f5c739e2021-12-22 12:45:03.948root 11241100x80000000000000004021940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bada11073e8f1e72021-12-22 12:45:03.948root 11241100x80000000000000004021941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a10a0af1a7aef82021-12-22 12:45:03.948root 11241100x80000000000000004021942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1341575fe74a39152021-12-22 12:45:03.948root 11241100x80000000000000004021943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6772e71299b796582021-12-22 12:45:03.948root 11241100x80000000000000004021944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d113dbfaa74efbc2021-12-22 12:45:03.948root 11241100x80000000000000004021945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718e81ad0333f6ca2021-12-22 12:45:03.949root 11241100x80000000000000004021946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f826036b19657cf02021-12-22 12:45:03.949root 11241100x80000000000000004021947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05b8c085b4795e62021-12-22 12:45:03.949root 11241100x80000000000000004021948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f046ce9684c6e112021-12-22 12:45:03.949root 11241100x80000000000000004021949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed22e6e0e21b9c112021-12-22 12:45:03.949root 11241100x80000000000000004021950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf87fe2cf68d4812021-12-22 12:45:03.949root 11241100x80000000000000004021951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a1aff86e0257ce2021-12-22 12:45:03.949root 11241100x80000000000000004021952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cefacd3796ec12f2021-12-22 12:45:03.949root 11241100x80000000000000004021953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3d75ddd2af18fb2021-12-22 12:45:03.949root 11241100x80000000000000004021954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e472eafb816ac132021-12-22 12:45:03.949root 11241100x80000000000000004021955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbbfff6fb67e9162021-12-22 12:45:03.949root 11241100x80000000000000004021956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607950e1eedec59c2021-12-22 12:45:03.950root 11241100x80000000000000004021957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c024abec361b0f02021-12-22 12:45:03.950root 11241100x80000000000000004021958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5548d88b5af7d6b42021-12-22 12:45:03.950root 11241100x80000000000000004021959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.badfeb2c8d4453de2021-12-22 12:45:03.950root 11241100x80000000000000004021960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bf9333c49f28a32021-12-22 12:45:03.950root 11241100x80000000000000004021961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e271e5252678ca2021-12-22 12:45:03.950root 11241100x80000000000000004021962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b82bb06ae798372021-12-22 12:45:03.950root 11241100x80000000000000004021963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2d54ee8c8b2e852021-12-22 12:45:03.950root 11241100x80000000000000004021964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441c267ab5e6b7322021-12-22 12:45:03.950root 11241100x80000000000000004021965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ff6895225f255c2021-12-22 12:45:03.950root 11241100x80000000000000004021966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939932fe9e387f912021-12-22 12:45:03.950root 11241100x80000000000000004021967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2df6d9ad65f9762021-12-22 12:45:03.950root 11241100x80000000000000004021968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a829fa0d80b55f2021-12-22 12:45:03.950root 11241100x80000000000000004021969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9679a072245ae772021-12-22 12:45:03.950root 11241100x80000000000000004021970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed055039dd5aa122021-12-22 12:45:03.950root 11241100x80000000000000004021971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d371213d48ae5e22021-12-22 12:45:03.950root 11241100x80000000000000004021972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb2f217b8dffeaa2021-12-22 12:45:03.950root 11241100x80000000000000004021973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc64efbda0967032021-12-22 12:45:03.951root 11241100x80000000000000004021974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5d5562e7b28e7c2021-12-22 12:45:03.951root 11241100x80000000000000004021975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3781e615ba2a5ab92021-12-22 12:45:03.951root 11241100x80000000000000004021976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072006d0b9f8307c2021-12-22 12:45:03.951root 11241100x80000000000000004021977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6dcd9fc1f32ce92021-12-22 12:45:03.951root 11241100x80000000000000004021978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1728181aa98bc2432021-12-22 12:45:03.951root 11241100x80000000000000004021979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106700ba3d75c5632021-12-22 12:45:03.951root 11241100x80000000000000004021980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b832c53c3fc6f12021-12-22 12:45:03.951root 11241100x80000000000000004021981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5624ab142f324c522021-12-22 12:45:03.951root 11241100x80000000000000004021982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4939c19d4a2bf5342021-12-22 12:45:03.951root 11241100x80000000000000004021983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3245dec91971d62021-12-22 12:45:03.951root 11241100x80000000000000004021984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c32bc94078c8812021-12-22 12:45:03.951root 11241100x80000000000000004021985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b1cbbeb07ccd3e2021-12-22 12:45:03.951root 11241100x80000000000000004021986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd47fb8ebe4d49582021-12-22 12:45:03.951root 11241100x80000000000000004021987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba52ebbc9afd64442021-12-22 12:45:03.951root 11241100x80000000000000004021988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4fa4ddebdae2f02021-12-22 12:45:03.951root 11241100x80000000000000004021989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e44cc2492f44bbd2021-12-22 12:45:03.952root 11241100x80000000000000004021990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bbf6fb662e5d852021-12-22 12:45:03.952root 11241100x80000000000000004021991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5431603aa18b7ab2021-12-22 12:45:03.952root 11241100x80000000000000004021992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e7a94fccc69dce2021-12-22 12:45:03.952root 11241100x80000000000000004021993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39114d1ebd7ee6d2021-12-22 12:45:03.952root 11241100x80000000000000004021994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced4dfce7a1acbb62021-12-22 12:45:03.953root 11241100x80000000000000004021995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db66b4b7fd0815c2021-12-22 12:45:03.953root 11241100x80000000000000004021996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01323ce841fd79072021-12-22 12:45:03.953root 11241100x80000000000000004021997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaed1a7e092f3eed2021-12-22 12:45:03.953root 11241100x80000000000000004021998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc570f6789b9f992021-12-22 12:45:03.953root 11241100x80000000000000004021999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd622fb4eb268632021-12-22 12:45:03.953root 11241100x80000000000000004022000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7eef44c8f5ac8ae2021-12-22 12:45:03.953root 11241100x80000000000000004022001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0ea8d7e8e70aac2021-12-22 12:45:03.953root 11241100x80000000000000004022002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883cc8633d2fd52b2021-12-22 12:45:03.953root 11241100x80000000000000004022003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2f301f403667542021-12-22 12:45:03.954root 11241100x80000000000000004022004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa24feb4e595ff02021-12-22 12:45:03.954root 11241100x80000000000000004022005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f3603480073ffb2021-12-22 12:45:03.954root 11241100x80000000000000004022006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e422c5081ad4a70b2021-12-22 12:45:03.954root 11241100x80000000000000004022007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188f7e688c88c4552021-12-22 12:45:03.954root 11241100x80000000000000004022008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dee0e6a0208cdc2021-12-22 12:45:03.954root 11241100x80000000000000004022009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8378a3643e3cb62021-12-22 12:45:03.954root 11241100x80000000000000004022010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a710e6cca9bc2d42021-12-22 12:45:03.954root 11241100x80000000000000004022011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ed10db7dc756242021-12-22 12:45:03.954root 11241100x80000000000000004022012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab78e61dfc207952021-12-22 12:45:03.954root 11241100x80000000000000004022013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30536320fc6293852021-12-22 12:45:03.955root 11241100x80000000000000004022014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1716a9464e4b3342021-12-22 12:45:03.955root 11241100x80000000000000004022015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683a0a06b6513ba62021-12-22 12:45:03.955root 11241100x80000000000000004022016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bef16f77642e5d2021-12-22 12:45:03.955root 11241100x80000000000000004022017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22547e1c7b59e5522021-12-22 12:45:03.955root 11241100x80000000000000004022018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0eedc45e96eb3a2021-12-22 12:45:03.955root 11241100x80000000000000004022019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5044b690681500f32021-12-22 12:45:03.955root 11241100x80000000000000004022020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac75225ee2ce22222021-12-22 12:45:03.955root 11241100x80000000000000004022021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9464b6dfda93e9c2021-12-22 12:45:03.955root 11241100x80000000000000004022022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:03.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd9557feaab73872021-12-22 12:45:03.955root 11241100x80000000000000004022023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18ab57abc19adb82021-12-22 12:45:04.443root 11241100x80000000000000004022024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9a9a09835ee8332021-12-22 12:45:04.443root 11241100x80000000000000004022025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95ea9e478617ba82021-12-22 12:45:04.443root 11241100x80000000000000004022026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a620a4554feafa2021-12-22 12:45:04.443root 11241100x80000000000000004022027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88691c588c63fc52021-12-22 12:45:04.443root 11241100x80000000000000004022028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff146ca7f99e57d2021-12-22 12:45:04.444root 11241100x80000000000000004022029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770dca2863656cd92021-12-22 12:45:04.444root 11241100x80000000000000004022030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8513d5d9dfcfebca2021-12-22 12:45:04.444root 11241100x80000000000000004022031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870dfaa6f9ca6c2b2021-12-22 12:45:04.444root 11241100x80000000000000004022032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9fcf6790d8f4412021-12-22 12:45:04.444root 11241100x80000000000000004022033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269733a83fe2cae82021-12-22 12:45:04.444root 11241100x80000000000000004022034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531552be398439a72021-12-22 12:45:04.444root 11241100x80000000000000004022035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce16146fd46c36ea2021-12-22 12:45:04.444root 11241100x80000000000000004022036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13647ffe73f0ccb2021-12-22 12:45:04.445root 11241100x80000000000000004022037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c48303034b28202021-12-22 12:45:04.445root 11241100x80000000000000004022038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c575c67c82123f502021-12-22 12:45:04.445root 11241100x80000000000000004022039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc530ae915dc25fd2021-12-22 12:45:04.445root 11241100x80000000000000004022040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b3c840d70847832021-12-22 12:45:04.445root 11241100x80000000000000004022041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8474736547053d252021-12-22 12:45:04.445root 11241100x80000000000000004022042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bbcb77dd2d57c02021-12-22 12:45:04.445root 11241100x80000000000000004022043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731f05ff88645edb2021-12-22 12:45:04.445root 11241100x80000000000000004022044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3dd6e00e646e5002021-12-22 12:45:04.445root 11241100x80000000000000004022045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e268bbc8ff3f542021-12-22 12:45:04.446root 11241100x80000000000000004022046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62532e7252ae0c362021-12-22 12:45:04.446root 11241100x80000000000000004022047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c111c7aee09a7c652021-12-22 12:45:04.446root 11241100x80000000000000004022048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8005740025a8db2021-12-22 12:45:04.446root 11241100x80000000000000004022049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac8937a10c1ace42021-12-22 12:45:04.446root 11241100x80000000000000004022050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d823c17087cfff2021-12-22 12:45:04.446root 11241100x80000000000000004022051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777c67a8ebd197092021-12-22 12:45:04.446root 11241100x80000000000000004022052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48096dab0724fe342021-12-22 12:45:04.446root 11241100x80000000000000004022053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163db0a74c244aac2021-12-22 12:45:04.447root 11241100x80000000000000004022054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacca74a29c032be2021-12-22 12:45:04.447root 11241100x80000000000000004022055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a61e2a46b5847c2021-12-22 12:45:04.447root 11241100x80000000000000004022056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7c5659b6d0357d2021-12-22 12:45:04.447root 11241100x80000000000000004022057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa88917056c0a6602021-12-22 12:45:04.447root 11241100x80000000000000004022058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb50c756bb120ed2021-12-22 12:45:04.448root 11241100x80000000000000004022059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5676ef0615ef932021-12-22 12:45:04.448root 11241100x80000000000000004022060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ce7a17fd2d328c2021-12-22 12:45:04.448root 11241100x80000000000000004022061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c41756398d28bca2021-12-22 12:45:04.448root 11241100x80000000000000004022062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b296a840c6ce7b2021-12-22 12:45:04.448root 11241100x80000000000000004022063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab2a4ff532c85ee2021-12-22 12:45:04.448root 11241100x80000000000000004022064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f3637408d51c592021-12-22 12:45:04.449root 11241100x80000000000000004022065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0c45bbb277805f2021-12-22 12:45:04.449root 11241100x80000000000000004022066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996bb6ec8024829e2021-12-22 12:45:04.449root 11241100x80000000000000004022067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea75a71da00e2bc2021-12-22 12:45:04.449root 11241100x80000000000000004022068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972506b2d79b45b32021-12-22 12:45:04.449root 11241100x80000000000000004022069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805d10445432d37b2021-12-22 12:45:04.449root 11241100x80000000000000004022070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5becbe7eecd30592021-12-22 12:45:04.449root 11241100x80000000000000004022071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd786510bc6426972021-12-22 12:45:04.450root 11241100x80000000000000004022072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b98cdc384d42f5b2021-12-22 12:45:04.450root 11241100x80000000000000004022073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5010005b1b27243d2021-12-22 12:45:04.943root 11241100x80000000000000004022074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d18f5aeb2c7416e2021-12-22 12:45:04.943root 11241100x80000000000000004022075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5014d3fc1c602d8b2021-12-22 12:45:04.943root 11241100x80000000000000004022076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a0ce0f50c1e4342021-12-22 12:45:04.943root 11241100x80000000000000004022077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae88b084b0ed35422021-12-22 12:45:04.943root 11241100x80000000000000004022078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fc6b41c807d18f2021-12-22 12:45:04.943root 11241100x80000000000000004022079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33215f9a5a7a6f5f2021-12-22 12:45:04.943root 11241100x80000000000000004022080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a9cfad7c7b94752021-12-22 12:45:04.944root 11241100x80000000000000004022081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e62e136764c85962021-12-22 12:45:04.944root 11241100x80000000000000004022082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9bd0e3ace71e722021-12-22 12:45:04.944root 11241100x80000000000000004022083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0592aeeef2ee4a9e2021-12-22 12:45:04.944root 11241100x80000000000000004022084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f826881e32d47a82021-12-22 12:45:04.944root 11241100x80000000000000004022085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab0d5d4d65bbbd12021-12-22 12:45:04.944root 11241100x80000000000000004022086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae2e085f51aa8bf2021-12-22 12:45:04.944root 11241100x80000000000000004022087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefe1461db66ce7e2021-12-22 12:45:04.944root 11241100x80000000000000004022088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ed85061c16077f2021-12-22 12:45:04.944root 11241100x80000000000000004022089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0842e29577b8ac12021-12-22 12:45:04.944root 11241100x80000000000000004022090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ca314b29bd5da02021-12-22 12:45:04.944root 11241100x80000000000000004022091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68426f25cd7f3b9e2021-12-22 12:45:04.945root 11241100x80000000000000004022092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fe16fd72fa51522021-12-22 12:45:04.945root 11241100x80000000000000004022093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74984d192cbc75ce2021-12-22 12:45:04.945root 11241100x80000000000000004022094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1677eafc1882e8152021-12-22 12:45:04.945root 11241100x80000000000000004022095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15af32c430d357d12021-12-22 12:45:04.945root 11241100x80000000000000004022096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049c679e50e5a9a82021-12-22 12:45:04.945root 11241100x80000000000000004022097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff3f61c6d0ccd8f2021-12-22 12:45:04.945root 11241100x80000000000000004022098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d101d1497d109d2021-12-22 12:45:04.946root 11241100x80000000000000004022099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcd6b4aa84bc6eb2021-12-22 12:45:04.946root 11241100x80000000000000004022100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4aa7d70deb8a0a2021-12-22 12:45:04.946root 11241100x80000000000000004022101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b64c9151c442c9d2021-12-22 12:45:04.946root 11241100x80000000000000004022102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f37580b1c7ec99f2021-12-22 12:45:04.946root 11241100x80000000000000004022103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a1c6069d128a532021-12-22 12:45:04.946root 11241100x80000000000000004022104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770a908fb320f16d2021-12-22 12:45:04.946root 11241100x80000000000000004022105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4d00c4fa22eccd2021-12-22 12:45:04.947root 11241100x80000000000000004022106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c454b6b866cc9ff2021-12-22 12:45:04.947root 11241100x80000000000000004022107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5ac1ca8951323d2021-12-22 12:45:04.947root 11241100x80000000000000004022108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f1305551466c522021-12-22 12:45:04.947root 11241100x80000000000000004022109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3096587bf432b4c42021-12-22 12:45:04.947root 11241100x80000000000000004022110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8ed55e140481692021-12-22 12:45:04.947root 11241100x80000000000000004022111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d6165355c7bae22021-12-22 12:45:04.948root 11241100x80000000000000004022112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4221f51dcb0d3c222021-12-22 12:45:04.948root 11241100x80000000000000004022113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51f00e788b45dc72021-12-22 12:45:04.948root 11241100x80000000000000004022114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d99afb20214fc92021-12-22 12:45:04.948root 11241100x80000000000000004022115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7579b1491e39df42021-12-22 12:45:04.948root 11241100x80000000000000004022116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6510eaf352aac6532021-12-22 12:45:04.948root 11241100x80000000000000004022117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c4aeec40f04a5d2021-12-22 12:45:04.948root 11241100x80000000000000004022118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0320ec7366e65ad2021-12-22 12:45:04.949root 11241100x80000000000000004022119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63a45e612689dfd2021-12-22 12:45:04.949root 11241100x80000000000000004022120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3269f4a9aa4f3e02021-12-22 12:45:04.949root 11241100x80000000000000004022121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98769e5a4096d9d42021-12-22 12:45:04.949root 11241100x80000000000000004022122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80905a2d8aefc0d12021-12-22 12:45:04.949root 11241100x80000000000000004022123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99d397163876d412021-12-22 12:45:04.949root 11241100x80000000000000004022124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4acc8d70f98a1e2021-12-22 12:45:04.949root 11241100x80000000000000004022125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dade5b8addeaaaf32021-12-22 12:45:04.950root 11241100x80000000000000004022126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8ba75626d194932021-12-22 12:45:04.950root 11241100x80000000000000004022127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb331cd8d29a28e2021-12-22 12:45:04.950root 11241100x80000000000000004022128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:04.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ea1c8e4966f4a22021-12-22 12:45:04.950root 11241100x80000000000000004022129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df97ed1d716c70602021-12-22 12:45:05.443root 11241100x80000000000000004022130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9253f4d0f165ca8e2021-12-22 12:45:05.443root 11241100x80000000000000004022131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27612900357319522021-12-22 12:45:05.444root 11241100x80000000000000004022132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a168e329d9fd2b1d2021-12-22 12:45:05.444root 11241100x80000000000000004022133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79525611a5a7d1712021-12-22 12:45:05.444root 11241100x80000000000000004022134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b6a000d7e6580e2021-12-22 12:45:05.444root 11241100x80000000000000004022135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753709a6d0280feb2021-12-22 12:45:05.444root 11241100x80000000000000004022136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b63e4c770129742021-12-22 12:45:05.445root 11241100x80000000000000004022137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162d949e6b37b2b42021-12-22 12:45:05.445root 11241100x80000000000000004022138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620840ad5e22682e2021-12-22 12:45:05.445root 11241100x80000000000000004022139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6412c45cb0c5d172021-12-22 12:45:05.445root 11241100x80000000000000004022140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d5647204992d482021-12-22 12:45:05.445root 11241100x80000000000000004022141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe1b6d40fe56bea2021-12-22 12:45:05.445root 11241100x80000000000000004022142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9aabe93af536a22021-12-22 12:45:05.445root 11241100x80000000000000004022143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b58ac4bf5d392352021-12-22 12:45:05.446root 11241100x80000000000000004022144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b39e54c147d6ec22021-12-22 12:45:05.446root 11241100x80000000000000004022145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9309990839ee0f72021-12-22 12:45:05.446root 11241100x80000000000000004022146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c323a6e6d98bc3ae2021-12-22 12:45:05.446root 11241100x80000000000000004022147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c24b3c64ff70512021-12-22 12:45:05.446root 11241100x80000000000000004022148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0843ac756a3a4d462021-12-22 12:45:05.446root 11241100x80000000000000004022149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b585f14fa9b887282021-12-22 12:45:05.446root 11241100x80000000000000004022150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd18c572d2099fa42021-12-22 12:45:05.446root 11241100x80000000000000004022151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d58509942ea52192021-12-22 12:45:05.446root 11241100x80000000000000004022152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a8747e376975d62021-12-22 12:45:05.446root 11241100x80000000000000004022153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adaa3e3976ea52e2021-12-22 12:45:05.447root 11241100x80000000000000004022154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4a0600f7db6cd12021-12-22 12:45:05.447root 11241100x80000000000000004022155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3959bddb1c1bef132021-12-22 12:45:05.447root 11241100x80000000000000004022156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eadeba6e86eca472021-12-22 12:45:05.447root 11241100x80000000000000004022157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423eee07d4a388b12021-12-22 12:45:05.447root 11241100x80000000000000004022158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9d376dcb4e18a52021-12-22 12:45:05.447root 11241100x80000000000000004022159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a621541cc41b36f22021-12-22 12:45:05.447root 11241100x80000000000000004022160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3633a3255b5c5aee2021-12-22 12:45:05.447root 11241100x80000000000000004022161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c23dd8e494860a2021-12-22 12:45:05.447root 11241100x80000000000000004022162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722baf89d0993b8a2021-12-22 12:45:05.448root 11241100x80000000000000004022163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb12f37d190aa802021-12-22 12:45:05.448root 11241100x80000000000000004022164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cd5d13de39250b2021-12-22 12:45:05.448root 11241100x80000000000000004022165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcff661669f698ae2021-12-22 12:45:05.448root 11241100x80000000000000004022166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfa5fa0d334656d2021-12-22 12:45:05.448root 11241100x80000000000000004022167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0333ca44425df3e72021-12-22 12:45:05.448root 11241100x80000000000000004022168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df819e963eed10422021-12-22 12:45:05.448root 11241100x80000000000000004022169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deaf64eb88ef0eaf2021-12-22 12:45:05.448root 11241100x80000000000000004022170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617e55be11684d202021-12-22 12:45:05.448root 11241100x80000000000000004022171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c984943007918c2021-12-22 12:45:05.448root 11241100x80000000000000004022172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71d3412ad6aea612021-12-22 12:45:05.449root 11241100x80000000000000004022173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27bb8ed3db16ed2c2021-12-22 12:45:05.449root 11241100x80000000000000004022174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c06e82b6520c452021-12-22 12:45:05.449root 11241100x80000000000000004022175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8587f53210f89ced2021-12-22 12:45:05.449root 11241100x80000000000000004022176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7a90bd6cfeeeb92021-12-22 12:45:05.449root 11241100x80000000000000004022177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166dfa09a9bb00ed2021-12-22 12:45:05.449root 11241100x80000000000000004022178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53531b44ab5812f2021-12-22 12:45:05.449root 11241100x80000000000000004022179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8b665a1314b93f2021-12-22 12:45:05.449root 11241100x80000000000000004022180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a3dab8903fd3222021-12-22 12:45:05.943root 11241100x80000000000000004022181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d179552700733932021-12-22 12:45:05.943root 11241100x80000000000000004022182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5782e494276d3d7e2021-12-22 12:45:05.943root 11241100x80000000000000004022183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a412fe8eb111aac22021-12-22 12:45:05.944root 11241100x80000000000000004022184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ca0c74379f08f82021-12-22 12:45:05.944root 11241100x80000000000000004022185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4644ee942ca8f6562021-12-22 12:45:05.944root 11241100x80000000000000004022186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf2e1f12f8297e32021-12-22 12:45:05.944root 11241100x80000000000000004022187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4ffade264b700e2021-12-22 12:45:05.944root 11241100x80000000000000004022188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0db57acca3756862021-12-22 12:45:05.944root 11241100x80000000000000004022189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60c8bf7d05932742021-12-22 12:45:05.945root 11241100x80000000000000004022190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49e0631c22c3e5f2021-12-22 12:45:05.945root 11241100x80000000000000004022191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f463e29054d430a2021-12-22 12:45:05.945root 11241100x80000000000000004022192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a4eb879809c1aa2021-12-22 12:45:05.945root 11241100x80000000000000004022193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcb30b9e7418e3a2021-12-22 12:45:05.945root 11241100x80000000000000004022194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47761ae2064762982021-12-22 12:45:05.945root 11241100x80000000000000004022195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dfddcede0c7e612021-12-22 12:45:05.945root 11241100x80000000000000004022196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0990a5d665c51c512021-12-22 12:45:05.945root 11241100x80000000000000004022197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cec33cfbd946e62021-12-22 12:45:05.945root 11241100x80000000000000004022198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28fee28231ec33b2021-12-22 12:45:05.946root 11241100x80000000000000004022199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e82fe111f2647182021-12-22 12:45:05.946root 11241100x80000000000000004022200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f1320ff451f58f2021-12-22 12:45:05.946root 11241100x80000000000000004022201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6ed5c5fb80af7b2021-12-22 12:45:05.946root 11241100x80000000000000004022202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04312bcb314066312021-12-22 12:45:05.946root 11241100x80000000000000004022203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d5cfc8ea5c1a662021-12-22 12:45:05.946root 11241100x80000000000000004022204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf041b0846b866512021-12-22 12:45:05.947root 11241100x80000000000000004022205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1729513a5492bc1c2021-12-22 12:45:05.947root 11241100x80000000000000004022206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7df4605cda32e22021-12-22 12:45:05.947root 11241100x80000000000000004022207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f544945231bf569b2021-12-22 12:45:05.947root 11241100x80000000000000004022208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5bbcc2f9f2bd262021-12-22 12:45:05.947root 11241100x80000000000000004022209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9511b1e1ecd4095b2021-12-22 12:45:05.947root 11241100x80000000000000004022210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e213cea19038a962021-12-22 12:45:05.948root 11241100x80000000000000004022211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62135c00232a04c62021-12-22 12:45:05.948root 11241100x80000000000000004022212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca5f7dfa116c42c2021-12-22 12:45:05.948root 11241100x80000000000000004022213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd76e50d14d8cb72021-12-22 12:45:05.948root 11241100x80000000000000004022214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657db34a2dad0f362021-12-22 12:45:05.948root 11241100x80000000000000004022215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a8c7e547c160bb2021-12-22 12:45:05.948root 11241100x80000000000000004022216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4911fc8323a20f462021-12-22 12:45:05.949root 11241100x80000000000000004022217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8103d68bf2ddfa2021-12-22 12:45:05.949root 11241100x80000000000000004022218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8a17e7dc7dcaa72021-12-22 12:45:05.949root 11241100x80000000000000004022219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77480c02f0b9276d2021-12-22 12:45:05.949root 11241100x80000000000000004022220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7565e200584c8e3b2021-12-22 12:45:05.949root 11241100x80000000000000004022221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d965d87a7d4a18f2021-12-22 12:45:05.950root 11241100x80000000000000004022222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4442435ecf7c4ec02021-12-22 12:45:05.950root 11241100x80000000000000004022223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cc819faa4481f52021-12-22 12:45:05.950root 11241100x80000000000000004022224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52381cc116ee637c2021-12-22 12:45:05.950root 11241100x80000000000000004022225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38e38df956b09652021-12-22 12:45:05.950root 11241100x80000000000000004022226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ff115e0b47788a2021-12-22 12:45:05.950root 11241100x80000000000000004022227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9765c066bdbe193f2021-12-22 12:45:05.951root 11241100x80000000000000004022228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de3ada75d954cac2021-12-22 12:45:05.951root 11241100x80000000000000004022229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809b5c598fe54ab22021-12-22 12:45:05.951root 11241100x80000000000000004022230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:05.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c8ff6c1038ebab2021-12-22 12:45:05.951root 23542300x80000000000000004022231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.125{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000004022232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.178{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-56854-false10.0.1.12-8000- 11241100x80000000000000004022233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2007a732c9af322021-12-22 12:45:06.443root 11241100x80000000000000004022234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2a3f721c6c11ea2021-12-22 12:45:06.443root 11241100x80000000000000004022235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f3862b577c27502021-12-22 12:45:06.443root 11241100x80000000000000004022236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36c822b6ecb23c22021-12-22 12:45:06.444root 11241100x80000000000000004022237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6792ca6ebce7dcf12021-12-22 12:45:06.444root 11241100x80000000000000004022238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52560bd18a8c0cd72021-12-22 12:45:06.444root 11241100x80000000000000004022239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7190fcc0635e80be2021-12-22 12:45:06.444root 11241100x80000000000000004022240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4953cf693383e9642021-12-22 12:45:06.444root 11241100x80000000000000004022241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacd8d1a779245412021-12-22 12:45:06.444root 11241100x80000000000000004022242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08ef8b7331011682021-12-22 12:45:06.444root 11241100x80000000000000004022243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df7109463367c932021-12-22 12:45:06.444root 11241100x80000000000000004022244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729cc2245e84a5ff2021-12-22 12:45:06.445root 11241100x80000000000000004022245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbbec9f514db9c72021-12-22 12:45:06.445root 11241100x80000000000000004022246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374c0e69cc6a49f02021-12-22 12:45:06.445root 11241100x80000000000000004022247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fde72141f9a45c72021-12-22 12:45:06.445root 11241100x80000000000000004022248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da58e06f393e81752021-12-22 12:45:06.445root 11241100x80000000000000004022249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce993b576ac527852021-12-22 12:45:06.445root 11241100x80000000000000004022250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10302f75e044d12f2021-12-22 12:45:06.445root 11241100x80000000000000004022251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8473a6417fb1f65a2021-12-22 12:45:06.446root 11241100x80000000000000004022252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d06125b0efacdee2021-12-22 12:45:06.446root 11241100x80000000000000004022253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da85f1e32076af5f2021-12-22 12:45:06.446root 11241100x80000000000000004022254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcef784cb9220e32021-12-22 12:45:06.446root 11241100x80000000000000004022255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c31f2b1f0a25e12021-12-22 12:45:06.446root 11241100x80000000000000004022256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c029ab93e55627b2021-12-22 12:45:06.446root 11241100x80000000000000004022257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f4333955f495da2021-12-22 12:45:06.446root 11241100x80000000000000004022258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09d891ef18daf5a2021-12-22 12:45:06.447root 11241100x80000000000000004022259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e337382ed7b0d602021-12-22 12:45:06.447root 11241100x80000000000000004022260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b8eddce615831b2021-12-22 12:45:06.447root 11241100x80000000000000004022261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8229260d99d2b2b2021-12-22 12:45:06.447root 11241100x80000000000000004022262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f396b8c42dcfdf302021-12-22 12:45:06.447root 11241100x80000000000000004022263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f751b4e6e0832c52021-12-22 12:45:06.447root 11241100x80000000000000004022264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea77c1282a4a1be2021-12-22 12:45:06.447root 11241100x80000000000000004022265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fd53ff40f1fb972021-12-22 12:45:06.447root 11241100x80000000000000004022266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d56221d4b6e7e6f2021-12-22 12:45:06.448root 11241100x80000000000000004022267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f9a5731889436d2021-12-22 12:45:06.448root 11241100x80000000000000004022268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04d9f86201b528e2021-12-22 12:45:06.448root 11241100x80000000000000004022269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fd0e9fe2f891552021-12-22 12:45:06.448root 11241100x80000000000000004022270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ef2ca77526e5a12021-12-22 12:45:06.448root 11241100x80000000000000004022271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77dbf6679a25eef2021-12-22 12:45:06.448root 11241100x80000000000000004022272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2529f8502dc75b282021-12-22 12:45:06.448root 11241100x80000000000000004022273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8738b6dee25d8562021-12-22 12:45:06.448root 11241100x80000000000000004022274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b53914af0558ad2021-12-22 12:45:06.448root 11241100x80000000000000004022275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61364ec53610f9782021-12-22 12:45:06.448root 11241100x80000000000000004022276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511766ddccebae8d2021-12-22 12:45:06.448root 11241100x80000000000000004022277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9767828888d112e32021-12-22 12:45:06.448root 11241100x80000000000000004022278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd5307ca5bb2dfb2021-12-22 12:45:06.448root 11241100x80000000000000004022279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4faa8ca211276452021-12-22 12:45:06.449root 11241100x80000000000000004022280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa4c40f34452d3a2021-12-22 12:45:06.449root 11241100x80000000000000004022281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13221812bb85ba82021-12-22 12:45:06.449root 11241100x80000000000000004022282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d69c5f596b05e602021-12-22 12:45:06.449root 11241100x80000000000000004022283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7feb303738c823b62021-12-22 12:45:06.449root 11241100x80000000000000004022284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da32f8250cc0f49b2021-12-22 12:45:06.449root 11241100x80000000000000004022285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15b208ead82c6c02021-12-22 12:45:06.451root 11241100x80000000000000004022286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26aaedc1cb4cf612021-12-22 12:45:06.451root 11241100x80000000000000004022287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a123bc58e0d005962021-12-22 12:45:06.451root 11241100x80000000000000004022288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d09b7c4954561c2021-12-22 12:45:06.942root 11241100x80000000000000004022289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247673eb718e4e482021-12-22 12:45:06.943root 11241100x80000000000000004022290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b45f339de507cb2021-12-22 12:45:06.943root 11241100x80000000000000004022291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306b67a87aeef1072021-12-22 12:45:06.943root 11241100x80000000000000004022292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb148056aab29592021-12-22 12:45:06.943root 11241100x80000000000000004022293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0886b7260441a2f52021-12-22 12:45:06.943root 11241100x80000000000000004022294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad7c41cb7fe41a92021-12-22 12:45:06.943root 11241100x80000000000000004022295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e01c75fa1759b12021-12-22 12:45:06.943root 11241100x80000000000000004022296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4bb2d9884ee3692021-12-22 12:45:06.944root 11241100x80000000000000004022297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49552df35f387ca2021-12-22 12:45:06.944root 11241100x80000000000000004022298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c9992ddef7f9092021-12-22 12:45:06.944root 11241100x80000000000000004022299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2545ce427136fb532021-12-22 12:45:06.944root 11241100x80000000000000004022300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b14808d3f9939742021-12-22 12:45:06.944root 11241100x80000000000000004022301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecebd5517b35dc52021-12-22 12:45:06.944root 11241100x80000000000000004022302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae2c529b1df93d02021-12-22 12:45:06.944root 11241100x80000000000000004022303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db0b058174d88792021-12-22 12:45:06.945root 11241100x80000000000000004022304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aef6d976b712f692021-12-22 12:45:06.945root 11241100x80000000000000004022305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd2d6a5c67a1e012021-12-22 12:45:06.945root 11241100x80000000000000004022306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19a2dc20ec0f9c02021-12-22 12:45:06.945root 11241100x80000000000000004022307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc033dd6df7742532021-12-22 12:45:06.945root 11241100x80000000000000004022308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b113209c07eb3492021-12-22 12:45:06.945root 11241100x80000000000000004022309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10926ef3207ed6d72021-12-22 12:45:06.945root 11241100x80000000000000004022310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515f110c9746fa9c2021-12-22 12:45:06.945root 11241100x80000000000000004022311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892ae3e2dd1924712021-12-22 12:45:06.946root 11241100x80000000000000004022312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f162bf6de33f952021-12-22 12:45:06.946root 11241100x80000000000000004022313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bba47265add55ef2021-12-22 12:45:06.946root 11241100x80000000000000004022314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cc6d0c565a49532021-12-22 12:45:06.947root 11241100x80000000000000004022315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e50f1c49f88d9462021-12-22 12:45:06.947root 11241100x80000000000000004022316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc09f7ffef2546e2021-12-22 12:45:06.947root 11241100x80000000000000004022317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bcea41272375b72021-12-22 12:45:06.947root 11241100x80000000000000004022318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08164694ee70f6002021-12-22 12:45:06.948root 11241100x80000000000000004022319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b073c6e382803e942021-12-22 12:45:06.948root 11241100x80000000000000004022320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d444d59ecb91fe442021-12-22 12:45:06.948root 11241100x80000000000000004022321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e251a526c6696d42021-12-22 12:45:06.948root 11241100x80000000000000004022322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfd0300af479ef72021-12-22 12:45:06.948root 11241100x80000000000000004022323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c072c450f97120a22021-12-22 12:45:06.948root 11241100x80000000000000004022324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b523db3c05fdb372021-12-22 12:45:06.948root 11241100x80000000000000004022325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df1a9206f58bab82021-12-22 12:45:06.948root 11241100x80000000000000004022326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fbf9ed8b2dd3b32021-12-22 12:45:06.948root 11241100x80000000000000004022327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43a1ab590f960c42021-12-22 12:45:06.949root 11241100x80000000000000004022328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c82f1aede0e0f2c2021-12-22 12:45:06.949root 11241100x80000000000000004022329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589d9cb144ba360d2021-12-22 12:45:06.949root 11241100x80000000000000004022330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61d9bc6faf13b802021-12-22 12:45:06.949root 11241100x80000000000000004022331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358922e72e743bab2021-12-22 12:45:06.949root 11241100x80000000000000004022332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb83a0253e365eb2021-12-22 12:45:06.949root 11241100x80000000000000004022333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e4a3b2170a80c12021-12-22 12:45:06.949root 11241100x80000000000000004022334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be59fa3654ac050d2021-12-22 12:45:06.949root 11241100x80000000000000004022335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f2438982a959642021-12-22 12:45:06.949root 11241100x80000000000000004022336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b060547cf1ea176d2021-12-22 12:45:06.950root 11241100x80000000000000004022337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2048dfae1f16d2632021-12-22 12:45:06.950root 11241100x80000000000000004022338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685af77d4a2156fb2021-12-22 12:45:06.950root 11241100x80000000000000004022339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8641adfe7b559ae52021-12-22 12:45:06.950root 11241100x80000000000000004022340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37652f87f33a3572021-12-22 12:45:06.950root 11241100x80000000000000004022341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457906add6cf55b12021-12-22 12:45:06.950root 11241100x80000000000000004022342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bdf8a537f8ffca2021-12-22 12:45:06.950root 11241100x80000000000000004022343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f277ec7ec898f52021-12-22 12:45:06.950root 11241100x80000000000000004022344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86611699ca3a8ef2021-12-22 12:45:06.950root 11241100x80000000000000004022345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a95b28358e929612021-12-22 12:45:06.950root 11241100x80000000000000004022346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9d581e7bf26a512021-12-22 12:45:06.951root 11241100x80000000000000004022347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c234c520bde9052021-12-22 12:45:06.951root 11241100x80000000000000004022348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318bc2c0a7b14c552021-12-22 12:45:06.951root 11241100x80000000000000004022349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d97767c1161b5b2021-12-22 12:45:06.951root 11241100x80000000000000004022350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31493a5f8a334a7f2021-12-22 12:45:06.951root 11241100x80000000000000004022351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2111be10e1194fa82021-12-22 12:45:06.951root 11241100x80000000000000004022352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2aa1dc885df9e892021-12-22 12:45:06.951root 11241100x80000000000000004022353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6c735eeee707bf2021-12-22 12:45:06.951root 11241100x80000000000000004022354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:06.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035de837d1f32ee52021-12-22 12:45:06.952root 11241100x80000000000000004022355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e50c60421f8a46c2021-12-22 12:45:07.443root 11241100x80000000000000004022356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de9d9cfa9c6099f2021-12-22 12:45:07.443root 11241100x80000000000000004022357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619e9edbd4ad08f82021-12-22 12:45:07.443root 11241100x80000000000000004022358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d9a73be7f9b3102021-12-22 12:45:07.443root 11241100x80000000000000004022359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966a7814c91465992021-12-22 12:45:07.444root 11241100x80000000000000004022360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d629847d9084b9d2021-12-22 12:45:07.444root 11241100x80000000000000004022361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0e4fa3541230372021-12-22 12:45:07.444root 11241100x80000000000000004022362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8737dd6cf9a12c2021-12-22 12:45:07.444root 11241100x80000000000000004022363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e17cf6d2603dcde2021-12-22 12:45:07.444root 11241100x80000000000000004022364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33acc81094a4abbc2021-12-22 12:45:07.444root 11241100x80000000000000004022365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3ac6e84e3219bb2021-12-22 12:45:07.444root 11241100x80000000000000004022366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf68f08c2a1d0c12021-12-22 12:45:07.444root 11241100x80000000000000004022367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28c119cc1e5dabb2021-12-22 12:45:07.444root 11241100x80000000000000004022368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0dcba355da2682e2021-12-22 12:45:07.445root 11241100x80000000000000004022369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc2d6226e2d3a1d2021-12-22 12:45:07.445root 11241100x80000000000000004022370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec5b0c1f8487bdb2021-12-22 12:45:07.445root 11241100x80000000000000004022371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed506e8f40aacbb2021-12-22 12:45:07.445root 11241100x80000000000000004022372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18acace05eb33462021-12-22 12:45:07.445root 11241100x80000000000000004022373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1259f6d0f682655f2021-12-22 12:45:07.445root 11241100x80000000000000004022374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c533609653ba8c2021-12-22 12:45:07.445root 11241100x80000000000000004022375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42dda2749ff6af952021-12-22 12:45:07.446root 11241100x80000000000000004022376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a17a8ff7239ac42021-12-22 12:45:07.446root 11241100x80000000000000004022377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910d472b1138f8f52021-12-22 12:45:07.446root 11241100x80000000000000004022378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fc302fb9195de02021-12-22 12:45:07.446root 11241100x80000000000000004022379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b892adca0b59102021-12-22 12:45:07.446root 11241100x80000000000000004022380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30adfae0eee09da12021-12-22 12:45:07.446root 11241100x80000000000000004022381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001cbdfedfc62d952021-12-22 12:45:07.446root 11241100x80000000000000004022382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5bc34fdf38125d2021-12-22 12:45:07.447root 11241100x80000000000000004022383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90426c404f3179c02021-12-22 12:45:07.447root 11241100x80000000000000004022384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8580013a25ad642021-12-22 12:45:07.447root 11241100x80000000000000004022385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523fc07a7b3a9f602021-12-22 12:45:07.447root 11241100x80000000000000004022386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a7dcdbdd43e80a2021-12-22 12:45:07.447root 11241100x80000000000000004022387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecea3c74d1293832021-12-22 12:45:07.447root 11241100x80000000000000004022388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ccc000000615dc2021-12-22 12:45:07.448root 11241100x80000000000000004022389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af904b6887532542021-12-22 12:45:07.448root 11241100x80000000000000004022390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771b1bf0366c4e642021-12-22 12:45:07.448root 11241100x80000000000000004022391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa851f2e325d9f12021-12-22 12:45:07.448root 11241100x80000000000000004022392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84620f43d077b0f2021-12-22 12:45:07.448root 11241100x80000000000000004022393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016f8ccffb981c6a2021-12-22 12:45:07.448root 11241100x80000000000000004022394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8bebecf1cbece42021-12-22 12:45:07.448root 11241100x80000000000000004022395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adee27a34be3e8d2021-12-22 12:45:07.449root 11241100x80000000000000004022396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7ec112138f6c182021-12-22 12:45:07.449root 11241100x80000000000000004022397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77293b7403aecd32021-12-22 12:45:07.449root 11241100x80000000000000004022398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9371afbb5968456b2021-12-22 12:45:07.449root 11241100x80000000000000004022399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008eeab650cb6c392021-12-22 12:45:07.449root 11241100x80000000000000004022400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3bc9322347d9762021-12-22 12:45:07.449root 11241100x80000000000000004022401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d0a302d3d54b7f2021-12-22 12:45:07.449root 11241100x80000000000000004022402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a31a4141552c1412021-12-22 12:45:07.449root 11241100x80000000000000004022403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978c4c55fb5c92d12021-12-22 12:45:07.449root 11241100x80000000000000004022404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc958eb2cf945332021-12-22 12:45:07.449root 11241100x80000000000000004022405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2dbcf6a0a70a9882021-12-22 12:45:07.450root 11241100x80000000000000004022406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde62e39c9d133812021-12-22 12:45:07.450root 11241100x80000000000000004022407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aab6a01e901e6282021-12-22 12:45:07.450root 11241100x80000000000000004022408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a037d7c6823c2e92021-12-22 12:45:07.450root 11241100x80000000000000004022409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a9eb1038d43d012021-12-22 12:45:07.450root 11241100x80000000000000004022410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a855abe51e856da2021-12-22 12:45:07.450root 11241100x80000000000000004022411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18835aa99fc5b6e2021-12-22 12:45:07.450root 11241100x80000000000000004022412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235653acd3d119932021-12-22 12:45:07.450root 11241100x80000000000000004022413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352885bf1506aa192021-12-22 12:45:07.450root 11241100x80000000000000004022414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18553fe93c044a8e2021-12-22 12:45:07.451root 11241100x80000000000000004022415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb14f03bb1d516b12021-12-22 12:45:07.451root 11241100x80000000000000004022416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31d0d40229df4382021-12-22 12:45:07.451root 11241100x80000000000000004022417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16086e3948858c712021-12-22 12:45:07.451root 11241100x80000000000000004022418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ba4fc1babf66b02021-12-22 12:45:07.451root 11241100x80000000000000004022419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335960f6b1435e232021-12-22 12:45:07.451root 11241100x80000000000000004022420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e8096acaeb776c2021-12-22 12:45:07.452root 11241100x80000000000000004022421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9a425fda0767a82021-12-22 12:45:07.452root 11241100x80000000000000004022422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfd4c5d75e5e1c62021-12-22 12:45:07.452root 11241100x80000000000000004022423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c9adbe0cc23cd02021-12-22 12:45:07.452root 11241100x80000000000000004022424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5420485e357828412021-12-22 12:45:07.452root 11241100x80000000000000004022425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd7c972eb7ffc3e2021-12-22 12:45:07.452root 11241100x80000000000000004022426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94dec63944de1a5d2021-12-22 12:45:07.452root 11241100x80000000000000004022427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b69002d6dc83e832021-12-22 12:45:07.452root 11241100x80000000000000004022428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c18a1934a829db72021-12-22 12:45:07.453root 11241100x80000000000000004022429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73894428a8ad6ce2021-12-22 12:45:07.453root 11241100x80000000000000004022430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17519bf572d9e47b2021-12-22 12:45:07.453root 11241100x80000000000000004022431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b77aceb98e084c92021-12-22 12:45:07.453root 11241100x80000000000000004022432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bb5eeaedabf4bc2021-12-22 12:45:07.453root 11241100x80000000000000004022433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ca10142c475b162021-12-22 12:45:07.453root 11241100x80000000000000004022434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a77c8123a5cfadf2021-12-22 12:45:07.453root 11241100x80000000000000004022435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7797329d728220ce2021-12-22 12:45:07.453root 11241100x80000000000000004022436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a56a9359eb32d5b2021-12-22 12:45:07.453root 11241100x80000000000000004022437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82203dfdf995bf02021-12-22 12:45:07.453root 11241100x80000000000000004022438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c84d47ef525b392021-12-22 12:45:07.453root 11241100x80000000000000004022439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1257ac736e56c0d72021-12-22 12:45:07.454root 11241100x80000000000000004022440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df46e2c24c48aa6b2021-12-22 12:45:07.454root 11241100x80000000000000004022441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ec8c7cec54f0bf2021-12-22 12:45:07.454root 11241100x80000000000000004022442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90dd910a65a346752021-12-22 12:45:07.454root 11241100x80000000000000004022443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7696badad4008972021-12-22 12:45:07.454root 11241100x80000000000000004022444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b091ae0d4572b502021-12-22 12:45:07.454root 11241100x80000000000000004022445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9e7474d67f365d2021-12-22 12:45:07.454root 11241100x80000000000000004022446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281b538536b08d042021-12-22 12:45:07.454root 11241100x80000000000000004022447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904b0e25364d42e72021-12-22 12:45:07.454root 11241100x80000000000000004022448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b31403736c177fd2021-12-22 12:45:07.454root 11241100x80000000000000004022449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38ec5d2a83722bc2021-12-22 12:45:07.455root 11241100x80000000000000004022450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3291bd472058c3382021-12-22 12:45:07.455root 11241100x80000000000000004022451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f3fc19987491542021-12-22 12:45:07.455root 11241100x80000000000000004022452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e411c5e2ed394152021-12-22 12:45:07.455root 11241100x80000000000000004022453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ffd217d43bba592021-12-22 12:45:07.455root 11241100x80000000000000004022454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6282707147133c972021-12-22 12:45:07.455root 11241100x80000000000000004022455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7fc795446714d32021-12-22 12:45:07.455root 11241100x80000000000000004022456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79dc51d5298aecba2021-12-22 12:45:07.455root 11241100x80000000000000004022457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fec79919924074c2021-12-22 12:45:07.455root 11241100x80000000000000004022458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a38f1c5b6c909162021-12-22 12:45:07.456root 11241100x80000000000000004022459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd957bb461f7cb52021-12-22 12:45:07.456root 11241100x80000000000000004022460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05ea4d6476c9f2b2021-12-22 12:45:07.456root 11241100x80000000000000004022461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccc84c310c9fdfb2021-12-22 12:45:07.456root 11241100x80000000000000004022462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7071be7e47e346392021-12-22 12:45:07.457root 11241100x80000000000000004022463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28636dd633f0b6072021-12-22 12:45:07.457root 11241100x80000000000000004022464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811ee46cb4568db82021-12-22 12:45:07.457root 11241100x80000000000000004022465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b50c2485a5016f02021-12-22 12:45:07.457root 11241100x80000000000000004022466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09e36adc32dc0b72021-12-22 12:45:07.457root 11241100x80000000000000004022467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7365cbf65909ef2021-12-22 12:45:07.457root 11241100x80000000000000004022468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97620d4827ce768b2021-12-22 12:45:07.457root 11241100x80000000000000004022469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c0aec97b6ca8cf2021-12-22 12:45:07.458root 11241100x80000000000000004022470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d3d0a51b517cbd2021-12-22 12:45:07.458root 11241100x80000000000000004022471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06697006a5d8e9b2021-12-22 12:45:07.458root 11241100x80000000000000004022472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725dfed9615d7d0d2021-12-22 12:45:07.458root 11241100x80000000000000004022473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489d4be97db6f7f62021-12-22 12:45:07.458root 11241100x80000000000000004022474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569be3c4505c9caf2021-12-22 12:45:07.458root 11241100x80000000000000004022475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ed63a23e64e31c2021-12-22 12:45:07.459root 11241100x80000000000000004022476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ceb71daa2074ebc2021-12-22 12:45:07.460root 11241100x80000000000000004022477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98ea28f1e0a5b3f2021-12-22 12:45:07.460root 11241100x80000000000000004022478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10e4b570776da252021-12-22 12:45:07.460root 11241100x80000000000000004022479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00d9e4090c050082021-12-22 12:45:07.460root 11241100x80000000000000004022480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86bd308d2f6c1112021-12-22 12:45:07.460root 11241100x80000000000000004022481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cbbc2db32f057a2021-12-22 12:45:07.461root 11241100x80000000000000004022482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4958e6dc27646aa92021-12-22 12:45:07.943root 11241100x80000000000000004022483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb3c9f9b3c8cc5c2021-12-22 12:45:07.943root 11241100x80000000000000004022484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6e47d13fe4428e2021-12-22 12:45:07.943root 11241100x80000000000000004022485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92de5ea54bd32ae2021-12-22 12:45:07.944root 11241100x80000000000000004022486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134b3f23452a1d1d2021-12-22 12:45:07.944root 11241100x80000000000000004022487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8390bb8e7c28c3b2021-12-22 12:45:07.944root 11241100x80000000000000004022488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536ee258b1a575f72021-12-22 12:45:07.944root 11241100x80000000000000004022489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a709056f3089cb9d2021-12-22 12:45:07.944root 11241100x80000000000000004022490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a728c2c9367ed702021-12-22 12:45:07.944root 11241100x80000000000000004022491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1c50c8c3e717fc2021-12-22 12:45:07.944root 11241100x80000000000000004022492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34deae878a227faf2021-12-22 12:45:07.944root 11241100x80000000000000004022493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2da2a2760a94b572021-12-22 12:45:07.945root 11241100x80000000000000004022494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19a786499ae54b52021-12-22 12:45:07.945root 11241100x80000000000000004022495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2426054b31df122021-12-22 12:45:07.945root 11241100x80000000000000004022496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d036146748a111142021-12-22 12:45:07.945root 11241100x80000000000000004022497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b38d66d136902f32021-12-22 12:45:07.945root 11241100x80000000000000004022498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f13af2d47dc7fe2021-12-22 12:45:07.945root 11241100x80000000000000004022499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20833c18a8b2f6052021-12-22 12:45:07.945root 11241100x80000000000000004022500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e16ab020c30da02021-12-22 12:45:07.946root 11241100x80000000000000004022501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d352ee66ccbe266b2021-12-22 12:45:07.946root 11241100x80000000000000004022502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5aae2971ee7e2b72021-12-22 12:45:07.946root 11241100x80000000000000004022503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30aa21372dc9e42e2021-12-22 12:45:07.946root 11241100x80000000000000004022504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4dcf0374f4cf092021-12-22 12:45:07.946root 11241100x80000000000000004022505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4192a68c787a712021-12-22 12:45:07.946root 11241100x80000000000000004022506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d116880bdd7e562021-12-22 12:45:07.946root 11241100x80000000000000004022507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fee89dbc0a512162021-12-22 12:45:07.947root 11241100x80000000000000004022508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf624d1b651216a2021-12-22 12:45:07.947root 11241100x80000000000000004022509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a78802564ff8622021-12-22 12:45:07.947root 11241100x80000000000000004022510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1b2d1c971117172021-12-22 12:45:07.947root 11241100x80000000000000004022511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef34f173c24c6f72021-12-22 12:45:07.947root 11241100x80000000000000004022512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e0a96283297ecf2021-12-22 12:45:07.947root 11241100x80000000000000004022513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c980dc00998aa32021-12-22 12:45:07.947root 11241100x80000000000000004022514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b522f777a485435e2021-12-22 12:45:07.948root 11241100x80000000000000004022515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186c063b0015f8722021-12-22 12:45:07.948root 11241100x80000000000000004022516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998d0f343327b8012021-12-22 12:45:07.948root 11241100x80000000000000004022517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f0d27e2da4b5432021-12-22 12:45:07.948root 11241100x80000000000000004022518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1662834f4333402021-12-22 12:45:07.949root 11241100x80000000000000004022519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f521d65375da9e672021-12-22 12:45:07.949root 11241100x80000000000000004022520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ec84e5113688f62021-12-22 12:45:07.949root 11241100x80000000000000004022521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38be4bf34fe5da692021-12-22 12:45:07.949root 11241100x80000000000000004022522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a301ccb37655cc02021-12-22 12:45:07.950root 11241100x80000000000000004022523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6e5119353181952021-12-22 12:45:07.950root 11241100x80000000000000004022524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ec30bf3de722df2021-12-22 12:45:07.950root 11241100x80000000000000004022525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146270178509c5332021-12-22 12:45:07.954root 11241100x80000000000000004022526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37af1edff19a293c2021-12-22 12:45:07.954root 11241100x80000000000000004022527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9028bacb4d1d5fc2021-12-22 12:45:07.954root 11241100x80000000000000004022528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9792ac7800264f2021-12-22 12:45:07.955root 11241100x80000000000000004022529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf7317d69b786de2021-12-22 12:45:07.955root 11241100x80000000000000004022530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea4cbbc948dff212021-12-22 12:45:07.956root 11241100x80000000000000004022531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b94f07cbe132382021-12-22 12:45:07.956root 11241100x80000000000000004022532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec3f5f535ed9ea42021-12-22 12:45:07.957root 11241100x80000000000000004022533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:07.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65f5fe4082f7ced2021-12-22 12:45:07.957root 154100x80000000000000004022534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.113{ec2b6afe-1dd4-61c3-080e-cccf99550000}22717/usr/bin/sudo-----sudo depmod -a/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 354300x80000000000000004022535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.116{ec2b6afe-1dd4-61c3-080e-cccf99550000}22717/usr/bin/sudoubuntuudptruefalse127.0.0.1-50123-false127.0.0.53-53- 354300x80000000000000004022536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.116{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-44145-false10.0.0.2-53- 354300x80000000000000004022537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.116{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-57372-false10.0.0.2-53- 354300x80000000000000004022538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.117{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-50123- 354300x80000000000000004022539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.117{ec2b6afe-1dd4-61c3-080e-cccf99550000}22717/usr/bin/sudoubuntuudptruefalse127.0.0.1-44933-false127.0.0.53-53- 354300x80000000000000004022540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.117{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-44933- 154100x80000000000000004022541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.119{ec2b6afe-1dd4-61c3-50ad-97bf08560000}22718/bin/kmod-----depmod -a/home/ubuntu/rootkit_testroot{ec2b6afe-0000-0000-0000-000000000000}033no level-{ec2b6afe-1dd4-61c3-080e-cccf99550000}22717/usr/bin/sudosudoubuntu 11241100x80000000000000004022542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e31fbf96a1eb972021-12-22 12:45:08.442root 11241100x80000000000000004022543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e666268fd7c03b432021-12-22 12:45:08.443root 11241100x80000000000000004022544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080318ef0d6a04b82021-12-22 12:45:08.443root 11241100x80000000000000004022545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67f1b050347b9b72021-12-22 12:45:08.443root 11241100x80000000000000004022546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa85d71131b000a52021-12-22 12:45:08.443root 11241100x80000000000000004022547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ef6b9764c58d3a2021-12-22 12:45:08.443root 11241100x80000000000000004022548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54590783fda2a5c2021-12-22 12:45:08.443root 11241100x80000000000000004022549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f732c1ebbd515b1f2021-12-22 12:45:08.444root 11241100x80000000000000004022550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d5c9ebf67e8ed02021-12-22 12:45:08.444root 11241100x80000000000000004022551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc43bb3f4884d922021-12-22 12:45:08.444root 11241100x80000000000000004022552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ab26ae261bc7052021-12-22 12:45:08.444root 11241100x80000000000000004022553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf6f72b33de54912021-12-22 12:45:08.444root 11241100x80000000000000004022554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5122ee3f7a4a1d682021-12-22 12:45:08.444root 11241100x80000000000000004022555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adacca519f1e1d5c2021-12-22 12:45:08.444root 11241100x80000000000000004022556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efebe7de290bd5c2021-12-22 12:45:08.444root 11241100x80000000000000004022557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac9e2b1e1585f0d2021-12-22 12:45:08.445root 11241100x80000000000000004022558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e32d8ebaa46b91a2021-12-22 12:45:08.445root 11241100x80000000000000004022559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b67e7ff4d3665b2021-12-22 12:45:08.445root 11241100x80000000000000004022560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b4ec6edaf161b82021-12-22 12:45:08.445root 11241100x80000000000000004022561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9377a3184a46a8122021-12-22 12:45:08.445root 11241100x80000000000000004022562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2c3b91bff2e9332021-12-22 12:45:08.445root 11241100x80000000000000004022563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ea0c5107b7653e2021-12-22 12:45:08.445root 11241100x80000000000000004022564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a4d3cf0110fc5e2021-12-22 12:45:08.446root 11241100x80000000000000004022565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab26707fa9da655a2021-12-22 12:45:08.446root 11241100x80000000000000004022566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3074633fcfcf21022021-12-22 12:45:08.446root 11241100x80000000000000004022567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6eaad2fab25ba172021-12-22 12:45:08.446root 11241100x80000000000000004022568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda67299df782d692021-12-22 12:45:08.446root 11241100x80000000000000004022569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed016f226c446242021-12-22 12:45:08.447root 11241100x80000000000000004022570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c37a0ab61f789462021-12-22 12:45:08.447root 11241100x80000000000000004022571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667df2bb091c2eaa2021-12-22 12:45:08.447root 11241100x80000000000000004022572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f184393192b68c92021-12-22 12:45:08.447root 11241100x80000000000000004022573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a68ac6dbe09dec2021-12-22 12:45:08.448root 11241100x80000000000000004022574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fdfd3d6337dd202021-12-22 12:45:08.448root 11241100x80000000000000004022575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bff0b84ac9cf06d2021-12-22 12:45:08.448root 11241100x80000000000000004022576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b8d2f65f865a982021-12-22 12:45:08.448root 11241100x80000000000000004022577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6879a621accdf1f72021-12-22 12:45:08.449root 11241100x80000000000000004022578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf3e23a860f69332021-12-22 12:45:08.449root 11241100x80000000000000004022579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4faacc3c263f452021-12-22 12:45:08.449root 11241100x80000000000000004022580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e570133860253b2021-12-22 12:45:08.449root 11241100x80000000000000004022581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c5a097659ee60e2021-12-22 12:45:08.449root 11241100x80000000000000004022582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e7a1c43235237c2021-12-22 12:45:08.450root 11241100x80000000000000004022583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d287e93ae1da9d5c2021-12-22 12:45:08.450root 11241100x80000000000000004022584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b748775b622b221f2021-12-22 12:45:08.450root 11241100x80000000000000004022585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676866c07b7407542021-12-22 12:45:08.450root 11241100x80000000000000004022586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bfa3f10ed8173a2021-12-22 12:45:08.451root 11241100x80000000000000004022587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6297e9915f92f5352021-12-22 12:45:08.451root 11241100x80000000000000004022588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3dc362d9c5bc6f2021-12-22 12:45:08.451root 11241100x80000000000000004022589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc53cc907bd48dbf2021-12-22 12:45:08.451root 11241100x80000000000000004022590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9ca48b3d6635b62021-12-22 12:45:08.452root 11241100x80000000000000004022591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8fd5dc2697f5f52021-12-22 12:45:08.452root 11241100x80000000000000004022592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b791c7b941135672021-12-22 12:45:08.452root 11241100x80000000000000004022593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdaab8c0877922452021-12-22 12:45:08.452root 11241100x80000000000000004022594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66888fb4c56ca7f42021-12-22 12:45:08.452root 11241100x80000000000000004022595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03066c0ff4447ab22021-12-22 12:45:08.453root 11241100x80000000000000004022596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59724957d5d83d9a2021-12-22 12:45:08.453root 11241100x80000000000000004022597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244353f1747c5f992021-12-22 12:45:08.453root 11241100x80000000000000004022598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f2214e54c2e8c02021-12-22 12:45:08.453root 11241100x80000000000000004022599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94ff44fad8faa3b2021-12-22 12:45:08.454root 11241100x80000000000000004022600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179bf8d27b37c9fb2021-12-22 12:45:08.454root 11241100x80000000000000004022601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e499336463456472021-12-22 12:45:08.454root 11241100x80000000000000004022602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231e00b9e6ed49732021-12-22 12:45:08.454root 11241100x80000000000000004022603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248836df58dff1302021-12-22 12:45:08.454root 11241100x80000000000000004022604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefb5963da8716022021-12-22 12:45:08.455root 11241100x80000000000000004022605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bacff65e1a7b9fd2021-12-22 12:45:08.455root 11241100x80000000000000004022606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c99be039b35cc52021-12-22 12:45:08.455root 11241100x80000000000000004022607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee173c9b18f75772021-12-22 12:45:08.455root 11241100x80000000000000004022608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06241dee9afdcfa2021-12-22 12:45:08.456root 11241100x80000000000000004022609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f44a9cbf6097422021-12-22 12:45:08.457root 11241100x80000000000000004022610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad345268e5ce67c2021-12-22 12:45:08.460root 11241100x80000000000000004022611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90d08e4ed87aa362021-12-22 12:45:08.460root 11241100x80000000000000004022612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd4d2a6e4bf0ea12021-12-22 12:45:08.460root 11241100x80000000000000004022613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d728e49aaf6cae22021-12-22 12:45:08.460root 11241100x80000000000000004022614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffe767b3ef141782021-12-22 12:45:08.461root 11241100x80000000000000004022615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cfe016833468da2021-12-22 12:45:08.461root 11241100x80000000000000004022616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bc6bf5d68ffd772021-12-22 12:45:08.461root 11241100x80000000000000004022617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f153ea420e258d962021-12-22 12:45:08.462root 11241100x80000000000000004022618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3c06cb2144f3a12021-12-22 12:45:08.462root 11241100x80000000000000004022619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a9b90552a561d72021-12-22 12:45:08.462root 11241100x80000000000000004022620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cf79420b0f728b2021-12-22 12:45:08.462root 11241100x80000000000000004022621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42ce2a81d2ca0582021-12-22 12:45:08.463root 11241100x80000000000000004022622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652dfaf485729a4a2021-12-22 12:45:08.463root 11241100x80000000000000004022623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa77ef6fb904559f2021-12-22 12:45:08.463root 11241100x80000000000000004022624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a020499445d23b5e2021-12-22 12:45:08.463root 11241100x80000000000000004022625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579f6b3be621162f2021-12-22 12:45:08.463root 11241100x80000000000000004022626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfed6bd91f3da3102021-12-22 12:45:08.463root 11241100x80000000000000004022627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86903797a8846662021-12-22 12:45:08.464root 11241100x80000000000000004022628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e018ab5a2f890752021-12-22 12:45:08.464root 11241100x80000000000000004022629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e0e57256e935c12021-12-22 12:45:08.464root 11241100x80000000000000004022630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1ff85a9cb76b7f2021-12-22 12:45:08.465root 11241100x80000000000000004022631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad49887311ab0ab2021-12-22 12:45:08.465root 11241100x80000000000000004022632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b03e39ac52c1ec2021-12-22 12:45:08.465root 11241100x80000000000000004022633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ac956881b695c52021-12-22 12:45:08.465root 11241100x80000000000000004022634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda491cf576f91762021-12-22 12:45:08.466root 11241100x80000000000000004022635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5796ea1d26d08f2021-12-22 12:45:08.466root 11241100x80000000000000004022636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b556361c5b7d26d2021-12-22 12:45:08.466root 11241100x80000000000000004022637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c5639cecce238d2021-12-22 12:45:08.466root 11241100x80000000000000004022638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48bb9dcb1eb08ba2021-12-22 12:45:08.466root 11241100x80000000000000004022639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc945656bc3c8b92021-12-22 12:45:08.467root 11241100x80000000000000004022640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf5ae724af263202021-12-22 12:45:08.467root 11241100x80000000000000004022641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad46178b82a22ef12021-12-22 12:45:08.467root 11241100x80000000000000004022642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d862c2f8e09e9e2021-12-22 12:45:08.467root 11241100x80000000000000004022643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972d1a0b36fd39382021-12-22 12:45:08.467root 11241100x80000000000000004022644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d96f7fb954d45cd2021-12-22 12:45:08.467root 11241100x80000000000000004022645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005d878aa0cc66362021-12-22 12:45:08.467root 11241100x80000000000000004022646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d558618d00614ba2021-12-22 12:45:08.468root 11241100x80000000000000004022647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd26923ff4cf9ec2021-12-22 12:45:08.468root 11241100x80000000000000004022648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4cf0a1dde7fcbe2021-12-22 12:45:08.468root 11241100x80000000000000004022649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc30c22fe42e6ea2021-12-22 12:45:08.468root 11241100x80000000000000004022650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5208a01520523e632021-12-22 12:45:08.468root 11241100x80000000000000004022651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a518492c5136142021-12-22 12:45:08.468root 11241100x80000000000000004022652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b70f64168b0a6d42021-12-22 12:45:08.469root 11241100x80000000000000004022653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d60cfcd1d5cd852021-12-22 12:45:08.469root 11241100x80000000000000004022654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09ffa8e6c05e5182021-12-22 12:45:08.469root 11241100x80000000000000004022655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd287f99b98a52e2021-12-22 12:45:08.469root 11241100x80000000000000004022656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f13e1bd73233162021-12-22 12:45:08.469root 11241100x80000000000000004022657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46d35a838d157c02021-12-22 12:45:08.471root 11241100x80000000000000004022658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29a4371505302d22021-12-22 12:45:08.471root 11241100x80000000000000004022659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a60d30b69840aa82021-12-22 12:45:08.472root 11241100x80000000000000004022660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65729626b93b9ec82021-12-22 12:45:08.472root 11241100x80000000000000004022661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27c5ffe612268c02021-12-22 12:45:08.472root 11241100x80000000000000004022662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df93d49e143f0e62021-12-22 12:45:08.473root 11241100x80000000000000004022663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7558315931356f162021-12-22 12:45:08.473root 11241100x80000000000000004022664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6718076d912e81012021-12-22 12:45:08.473root 11241100x80000000000000004022665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7014cb53356b9d5d2021-12-22 12:45:08.473root 11241100x80000000000000004022666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5823267761b567982021-12-22 12:45:08.473root 11241100x80000000000000004022667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77acf288cac428302021-12-22 12:45:08.475root 11241100x80000000000000004022668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7594c8bb9cf2abb2021-12-22 12:45:08.475root 11241100x80000000000000004022669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59799b89ffda55682021-12-22 12:45:08.478root 11241100x80000000000000004022670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e1f29ff81861642021-12-22 12:45:08.478root 11241100x80000000000000004022671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1162ccb917f237f2021-12-22 12:45:08.478root 11241100x80000000000000004022672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c30bff6f82fae62021-12-22 12:45:08.478root 11241100x80000000000000004022673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bb60af832cab6d2021-12-22 12:45:08.478root 11241100x80000000000000004022674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b4b09433ff606c2021-12-22 12:45:08.478root 11241100x80000000000000004022675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7793cd367bf2ddb2021-12-22 12:45:08.480root 11241100x80000000000000004022676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbcb3406e02024b2021-12-22 12:45:08.480root 11241100x80000000000000004022677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5444f08f9d41a8b32021-12-22 12:45:08.480root 11241100x80000000000000004022678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec15e9ce7199e50c2021-12-22 12:45:08.480root 11241100x80000000000000004022679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd0450c61dc9e462021-12-22 12:45:08.480root 11241100x80000000000000004022680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78c53ff249f5dc42021-12-22 12:45:08.480root 11241100x80000000000000004022681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53be96036dffc542021-12-22 12:45:08.480root 11241100x80000000000000004022682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3b8d68cb235b022021-12-22 12:45:08.483root 11241100x80000000000000004022683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66707970c09fa3b2021-12-22 12:45:08.483root 11241100x80000000000000004022684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b93d2492bac8af2021-12-22 12:45:08.483root 11241100x80000000000000004022685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fcc40aba1852bd2021-12-22 12:45:08.483root 11241100x80000000000000004022686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13cd04e9cd06c9fa2021-12-22 12:45:08.483root 11241100x80000000000000004022687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3e100c480294d62021-12-22 12:45:08.483root 11241100x80000000000000004022688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f893fdc6dd6088a22021-12-22 12:45:08.485root 11241100x80000000000000004022689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783c9c67fdea87c72021-12-22 12:45:08.485root 11241100x80000000000000004022690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc866bfa3c807bff2021-12-22 12:45:08.485root 11241100x80000000000000004022691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df01462fd7064662021-12-22 12:45:08.485root 11241100x80000000000000004022692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.487{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e83c192a5244132021-12-22 12:45:08.487root 11241100x80000000000000004022693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.487{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a7a4b9beb568d72021-12-22 12:45:08.487root 11241100x80000000000000004022694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.487{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabdf5fcf75d0c4a2021-12-22 12:45:08.487root 11241100x80000000000000004022695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7bf590592a3f862021-12-22 12:45:08.488root 11241100x80000000000000004022696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56707db79c99732c2021-12-22 12:45:08.488root 11241100x80000000000000004022697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7436fd1ba7ad1b2021-12-22 12:45:08.488root 11241100x80000000000000004022698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8994d8ed461d1ad2021-12-22 12:45:08.488root 11241100x80000000000000004022699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c3a6ea4a1765212021-12-22 12:45:08.488root 11241100x80000000000000004022700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6badcafbbfde54e2021-12-22 12:45:08.488root 11241100x80000000000000004022701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c8e81bdd81f9562021-12-22 12:45:08.488root 11241100x80000000000000004022702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae9e293224e41812021-12-22 12:45:08.488root 11241100x80000000000000004022703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f92c0d8a0dbef32021-12-22 12:45:08.488root 11241100x80000000000000004022704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d6ef2c59be3c752021-12-22 12:45:08.488root 11241100x80000000000000004022705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd86185743d5f8812021-12-22 12:45:08.488root 11241100x80000000000000004022706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d20db8f9548f8c2021-12-22 12:45:08.488root 11241100x80000000000000004022707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb20c78a3fc2423b2021-12-22 12:45:08.488root 11241100x80000000000000004022708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c326fdc36aef142021-12-22 12:45:08.488root 11241100x80000000000000004022709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16a07c2bfc8c8bb2021-12-22 12:45:08.488root 11241100x80000000000000004022710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a551552c567e292021-12-22 12:45:08.488root 11241100x80000000000000004022711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1241d4f641c66522021-12-22 12:45:08.489root 11241100x80000000000000004022712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d04368d33ca44452021-12-22 12:45:08.489root 11241100x80000000000000004022713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e6d4340cff42882021-12-22 12:45:08.489root 11241100x80000000000000004022714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db609701cbbd0b92021-12-22 12:45:08.489root 11241100x80000000000000004022715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6e288b7bd6daa82021-12-22 12:45:08.490root 11241100x80000000000000004022716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c929369648930a92021-12-22 12:45:08.490root 11241100x80000000000000004022717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c33b87934a364652021-12-22 12:45:08.490root 11241100x80000000000000004022718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20f9b287885e9d02021-12-22 12:45:08.490root 11241100x80000000000000004022719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f5bce25134e15d2021-12-22 12:45:08.490root 11241100x80000000000000004022720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4dc2e3f815b8c62021-12-22 12:45:08.490root 11241100x80000000000000004022721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:08.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacc3f8f238808b52021-12-22 12:45:08.490root 154100x80000000000000004022798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.895{ec2b6afe-1dda-61c3-08ae-acf49c550000}22719/usr/bin/sudo-----sudo rmmod rootkit/home/ubuntu/rootkit_testubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 354300x80000000000000004022799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.899{ec2b6afe-1dda-61c3-08ae-acf49c550000}22719/usr/bin/sudoubuntuudptruefalse127.0.0.1-45378-false127.0.0.53-53- 354300x80000000000000004022800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.900{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-50476-false10.0.0.2-53- 354300x80000000000000004022801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.900{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-39006-false10.0.0.2-53- 354300x80000000000000004022802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.900{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-45378- 354300x80000000000000004022803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.900{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-36944- 354300x80000000000000004022804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.900{ec2b6afe-1dda-61c3-08ae-acf49c550000}22719/usr/bin/sudoubuntuudptruefalse127.0.0.1-36944-false127.0.0.53-53- 154100x80000000000000004022805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.903{ec2b6afe-1dda-61c3-503d-6b341b560000}22720/bin/kmod-----rmmod rootkit/home/ubuntu/rootkit_testroot{ec2b6afe-0000-0000-0000-000000000000}033no level-{ec2b6afe-1dda-61c3-08ae-acf49c550000}22719/usr/bin/sudosudoubuntu 11241100x80000000000000004022806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.904{ec2b6afe-9233-61c1-b8ed-5a3378550000}473/lib/systemd/systemd-udevd/run/udev/queue2021-12-22 12:45:14.904root 23542300x80000000000000004022807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.913{ec2b6afe-9233-61c1-b8ed-5a3378550000}473root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x80000000000000004022808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.915{ec2b6afe-1dda-61c3-503d-6b341b560000}22720/bin/kmodroot 534500x80000000000000004022809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.915{00000000-0000-0000-0000-000000000000}22721<unknown process>root 534500x80000000000000004022810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:14.916{ec2b6afe-1dda-61c3-08ae-acf49c550000}22719/usr/bin/sudoroot 11241100x80000000000000004022811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a698ae4f111cdc2021-12-22 12:45:15.193root 11241100x80000000000000004022812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7322aaf89ff50842021-12-22 12:45:15.193root 11241100x80000000000000004022813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ab1287f2b049972021-12-22 12:45:15.193root 11241100x80000000000000004022814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5bae118a9735a02021-12-22 12:45:15.194root 11241100x80000000000000004022815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00f7d837a03e71b2021-12-22 12:45:15.194root 11241100x80000000000000004022816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992e3934d0a654242021-12-22 12:45:15.194root 11241100x80000000000000004022817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d997a1071623922021-12-22 12:45:15.195root 11241100x80000000000000004022818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1106d7dd6c501dd2021-12-22 12:45:15.195root 11241100x80000000000000004022819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48943599a6be0f872021-12-22 12:45:15.195root 11241100x80000000000000004022820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4f5a7806d5ec6c2021-12-22 12:45:15.196root 11241100x80000000000000004022821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86bfa16942cf6db92021-12-22 12:45:15.196root 11241100x80000000000000004022822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3d29f5d41212072021-12-22 12:45:15.196root 11241100x80000000000000004022823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde6412c17b3f7302021-12-22 12:45:15.196root 11241100x80000000000000004022824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c38c891d7982f452021-12-22 12:45:15.692root 11241100x80000000000000004022825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b72a4bb952dc2ac2021-12-22 12:45:15.693root 11241100x80000000000000004022826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657200b535dbdf052021-12-22 12:45:15.693root 11241100x80000000000000004022827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3d1c2bbc52d0072021-12-22 12:45:15.693root 11241100x80000000000000004022828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69b37862d66d08f2021-12-22 12:45:15.693root 11241100x80000000000000004022829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60d222eaa86b1882021-12-22 12:45:15.693root 11241100x80000000000000004022830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af83cb8dcb8cbe822021-12-22 12:45:15.694root 11241100x80000000000000004022831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 12:45:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1a01eec42b03d62021-12-22 12:45:15.694root