11241100x8000000000000000535773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20d310153300d042021-12-21 11:30:42.193root 11241100x8000000000000000535774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3ef391f4a672362021-12-21 11:30:42.193root 11241100x8000000000000000535775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fdb6dce5cc41c12021-12-21 11:30:42.193root 11241100x8000000000000000535776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c45c1546a9340d2021-12-21 11:30:42.193root 11241100x8000000000000000535777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2485e8a14595aaf2021-12-21 11:30:42.193root 11241100x8000000000000000535778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abac2523d6d84bb2021-12-21 11:30:42.193root 11241100x8000000000000000535779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a75b43448ba05402021-12-21 11:30:42.193root 11241100x8000000000000000535780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069369dccb4114152021-12-21 11:30:42.194root 11241100x8000000000000000535781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e7aa08e02162de2021-12-21 11:30:42.194root 11241100x8000000000000000535782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d481b413486408562021-12-21 11:30:42.194root 11241100x8000000000000000535783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b793eeff16c3232021-12-21 11:30:42.194root 11241100x8000000000000000535784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bc3d44e62219a62021-12-21 11:30:42.194root 11241100x8000000000000000535785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029f94edbf7c9a2b2021-12-21 11:30:42.194root 11241100x8000000000000000535786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475064335e9fa70a2021-12-21 11:30:42.194root 11241100x8000000000000000535787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e568b01916cffa412021-12-21 11:30:42.194root 11241100x8000000000000000535788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6506a510a91e26142021-12-21 11:30:42.692root 11241100x8000000000000000535789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e5d42fa6af206d2021-12-21 11:30:42.693root 11241100x8000000000000000535790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a66be46db73859f2021-12-21 11:30:42.693root 11241100x8000000000000000535791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6cb9e42bdcd5492021-12-21 11:30:42.693root 11241100x8000000000000000535792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb10744afeddb6462021-12-21 11:30:42.693root 11241100x8000000000000000535793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da4b7d76b6db5cc2021-12-21 11:30:42.693root 11241100x8000000000000000535794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38049f97a8988bfd2021-12-21 11:30:42.693root 11241100x8000000000000000535795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c804c6c273e9de0c2021-12-21 11:30:42.693root 11241100x8000000000000000535796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704aaca675facf3a2021-12-21 11:30:42.693root 11241100x8000000000000000535797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c6e730b5e637f62021-12-21 11:30:42.693root 11241100x8000000000000000535798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0ce52ee6bfed442021-12-21 11:30:42.693root 11241100x8000000000000000535799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43cba078b2eeba12021-12-21 11:30:42.693root 11241100x8000000000000000535800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03830159951d79bd2021-12-21 11:30:42.693root 11241100x8000000000000000535801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b40458d7b397ce2021-12-21 11:30:42.694root 11241100x8000000000000000535802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c112d5bcb877c2e2021-12-21 11:30:42.694root 354300x8000000000000000535803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.100{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48644-false10.0.1.12-8000- 11241100x8000000000000000535804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd993cd85a5d48a2021-12-21 11:30:43.100root 11241100x8000000000000000535805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f508c8185a906d372021-12-21 11:30:43.100root 11241100x8000000000000000535806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c929565aba4594872021-12-21 11:30:43.100root 11241100x8000000000000000535807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4add36f1d0adf0a82021-12-21 11:30:43.101root 11241100x8000000000000000535808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a15937f8a0ffca2021-12-21 11:30:43.101root 11241100x8000000000000000535809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06274b089d0b4e892021-12-21 11:30:43.101root 11241100x8000000000000000535810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84037dde90b89052021-12-21 11:30:43.101root 11241100x8000000000000000535811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77b10ff9101997f2021-12-21 11:30:43.101root 11241100x8000000000000000535812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956edbc050514d352021-12-21 11:30:43.101root 11241100x8000000000000000535813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abe18c6cd66f4ff2021-12-21 11:30:43.101root 11241100x8000000000000000535814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd5e195f2eef4802021-12-21 11:30:43.101root 11241100x8000000000000000535815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecc467ba6fc8e682021-12-21 11:30:43.101root 11241100x8000000000000000535816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c74ab01ba7154472021-12-21 11:30:43.101root 11241100x8000000000000000535817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cddc0c34b984dbc2021-12-21 11:30:43.101root 11241100x8000000000000000535818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8ad8fdb6dc40282021-12-21 11:30:43.101root 11241100x8000000000000000535819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95572194ccfeb1f2021-12-21 11:30:43.102root 11241100x8000000000000000535820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb0d0ed8b19a42f2021-12-21 11:30:43.443root 11241100x8000000000000000535821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9938feec42d70c9c2021-12-21 11:30:43.443root 11241100x8000000000000000535822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612118a60263c6992021-12-21 11:30:43.443root 11241100x8000000000000000535823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa7c090cd2217392021-12-21 11:30:43.443root 11241100x8000000000000000535824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb231bd61b6c7602021-12-21 11:30:43.443root 11241100x8000000000000000535825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a19d5881a804502021-12-21 11:30:43.443root 11241100x8000000000000000535826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74d0a0748a30a812021-12-21 11:30:43.443root 11241100x8000000000000000535827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536bccc7c8738bff2021-12-21 11:30:43.444root 11241100x8000000000000000535828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6617a39175cc3d942021-12-21 11:30:43.444root 11241100x8000000000000000535829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc030858335a6ece2021-12-21 11:30:43.444root 11241100x8000000000000000535830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c5af6a3da8df0e2021-12-21 11:30:43.444root 11241100x8000000000000000535831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1478c4c5691bb402021-12-21 11:30:43.444root 11241100x8000000000000000535832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7121e49320e75b002021-12-21 11:30:43.444root 11241100x8000000000000000535833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbcb854188b18e02021-12-21 11:30:43.444root 11241100x8000000000000000535834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a54b43cedff009b2021-12-21 11:30:43.444root 11241100x8000000000000000535835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d03ff522d3fe182021-12-21 11:30:43.444root 11241100x8000000000000000535836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff939420735aa9a2021-12-21 11:30:43.943root 11241100x8000000000000000535837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8459f60ec79779b82021-12-21 11:30:43.943root 11241100x8000000000000000535838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9addc8e588ee3982021-12-21 11:30:43.943root 11241100x8000000000000000535839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8e8199e300b6462021-12-21 11:30:43.943root 11241100x8000000000000000535840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bf64e49f8639c42021-12-21 11:30:43.943root 11241100x8000000000000000535841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed80ba8248e570b2021-12-21 11:30:43.943root 11241100x8000000000000000535842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2151100df4a5bcc42021-12-21 11:30:43.943root 11241100x8000000000000000535843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbbf0e57b1aea2c2021-12-21 11:30:43.943root 11241100x8000000000000000535844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22205c9ea5ed97e02021-12-21 11:30:43.943root 11241100x8000000000000000535845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd7a80c18df47162021-12-21 11:30:43.943root 11241100x8000000000000000535846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e52713d9d4d4262021-12-21 11:30:43.943root 11241100x8000000000000000535847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd8752d72353b3d2021-12-21 11:30:43.943root 11241100x8000000000000000535848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bbf2955ae3ee762021-12-21 11:30:43.943root 11241100x8000000000000000535849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b807d8d97e90d82021-12-21 11:30:43.944root 11241100x8000000000000000535850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42c313c286317b42021-12-21 11:30:43.944root 11241100x8000000000000000535851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce510e89c6754722021-12-21 11:30:43.944root 11241100x8000000000000000535852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19238af40220a8ad2021-12-21 11:30:44.443root 11241100x8000000000000000535853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f6388095dd89452021-12-21 11:30:44.443root 11241100x8000000000000000535854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ece56e8b1060752021-12-21 11:30:44.444root 11241100x8000000000000000535855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d467927ed99e4e92021-12-21 11:30:44.444root 11241100x8000000000000000535856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97102fa589a7dbb2021-12-21 11:30:44.444root 11241100x8000000000000000535857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59da4b110ba8e1782021-12-21 11:30:44.444root 11241100x8000000000000000535858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec0a034a86303fd2021-12-21 11:30:44.444root 11241100x8000000000000000535859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad3bc3fde9ccbd02021-12-21 11:30:44.444root 11241100x8000000000000000535860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8f6214ba62fb6c2021-12-21 11:30:44.444root 11241100x8000000000000000535861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b899ffc67e4ff1562021-12-21 11:30:44.444root 11241100x8000000000000000535862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e1093665e5310f2021-12-21 11:30:44.445root 11241100x8000000000000000535863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffb982d40f2e57d2021-12-21 11:30:44.445root 11241100x8000000000000000535864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7176b7c1e441537e2021-12-21 11:30:44.445root 11241100x8000000000000000535865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123bd68ec61f3d6c2021-12-21 11:30:44.445root 11241100x8000000000000000535866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41574815fe145a942021-12-21 11:30:44.445root 11241100x8000000000000000535867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3709185c3c8377622021-12-21 11:30:44.445root 11241100x8000000000000000535868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f970775ce4de2902021-12-21 11:30:44.942root 11241100x8000000000000000535869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd2be26ebaf69792021-12-21 11:30:44.943root 11241100x8000000000000000535870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d6186645fa94102021-12-21 11:30:44.943root 11241100x8000000000000000535871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dde062219941a92021-12-21 11:30:44.943root 11241100x8000000000000000535872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e19ea25ad135aad2021-12-21 11:30:44.943root 11241100x8000000000000000535873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab8ce0e9941e7f42021-12-21 11:30:44.943root 11241100x8000000000000000535874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361cc718b1fb2c892021-12-21 11:30:44.943root 11241100x8000000000000000535875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786915f332030d4c2021-12-21 11:30:44.943root 11241100x8000000000000000535876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a030aea0fb88512021-12-21 11:30:44.943root 11241100x8000000000000000535877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be82f7173e008302021-12-21 11:30:44.943root 11241100x8000000000000000535878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c8bb9f9618811d2021-12-21 11:30:44.943root 11241100x8000000000000000535879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10fc8088c3933cb2021-12-21 11:30:44.944root 11241100x8000000000000000535880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de84f8e2f04058fa2021-12-21 11:30:44.944root 11241100x8000000000000000535881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba27a80fad7934c2021-12-21 11:30:44.944root 11241100x8000000000000000535882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c616f5e85824172b2021-12-21 11:30:44.944root 11241100x8000000000000000535883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ebbf8ade4477f72021-12-21 11:30:44.944root 11241100x8000000000000000535884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a629fe7093b0eec92021-12-21 11:30:45.443root 11241100x8000000000000000535885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a979c423b440792021-12-21 11:30:45.443root 11241100x8000000000000000535886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5072a05ec608d36c2021-12-21 11:30:45.443root 11241100x8000000000000000535887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae166297d9ef6612021-12-21 11:30:45.443root 11241100x8000000000000000535888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eab753555d3ab4c2021-12-21 11:30:45.443root 11241100x8000000000000000535889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ea17c0998715f12021-12-21 11:30:45.443root 11241100x8000000000000000535890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79e628e5599c04f2021-12-21 11:30:45.443root 11241100x8000000000000000535891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39a6c696d8b585b2021-12-21 11:30:45.444root 11241100x8000000000000000535892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af58a386a2f70ce2021-12-21 11:30:45.444root 11241100x8000000000000000535893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4540ea465eba72cb2021-12-21 11:30:45.444root 11241100x8000000000000000535894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589f23ba143159602021-12-21 11:30:45.444root 11241100x8000000000000000535895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a081abfcf4bca72a2021-12-21 11:30:45.444root 11241100x8000000000000000535896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a287aed2c804942021-12-21 11:30:45.444root 11241100x8000000000000000535897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1531614a7454b0b12021-12-21 11:30:45.444root 11241100x8000000000000000535898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269661e6b8518bb22021-12-21 11:30:45.444root 11241100x8000000000000000535899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7a1635711007342021-12-21 11:30:45.444root 11241100x8000000000000000535900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f041873f5d850942021-12-21 11:30:45.943root 11241100x8000000000000000535901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaec047ac4eec9a82021-12-21 11:30:45.943root 11241100x8000000000000000535902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63512f75574658a2021-12-21 11:30:45.943root 11241100x8000000000000000535903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020f4b0e76c323fd2021-12-21 11:30:45.943root 11241100x8000000000000000535904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69905534631c4c052021-12-21 11:30:45.943root 11241100x8000000000000000535905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2af966883415742021-12-21 11:30:45.943root 11241100x8000000000000000535906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0040e3902bfa7002021-12-21 11:30:45.944root 11241100x8000000000000000535907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71808b3540bad7a32021-12-21 11:30:45.944root 11241100x8000000000000000535908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18ca03396cf6aa52021-12-21 11:30:45.944root 11241100x8000000000000000535909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14353cb0f5f83c202021-12-21 11:30:45.944root 11241100x8000000000000000535910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d290a5f99d96c52021-12-21 11:30:45.944root 11241100x8000000000000000535911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d816ffb40b29690e2021-12-21 11:30:45.944root 11241100x8000000000000000535912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbd177ab46bcf9e2021-12-21 11:30:45.944root 11241100x8000000000000000535913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de7a185f9f71d212021-12-21 11:30:45.944root 11241100x8000000000000000535914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bfebcc51eba8ca2021-12-21 11:30:45.944root 11241100x8000000000000000535915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b4b5dba041cdef2021-12-21 11:30:45.944root 11241100x8000000000000000535916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c9cdae84c42be32021-12-21 11:30:46.443root 11241100x8000000000000000535917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c54da7df4c7cb082021-12-21 11:30:46.443root 11241100x8000000000000000535918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910be03e6351ecf32021-12-21 11:30:46.443root 11241100x8000000000000000535919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72e30d31e38ce762021-12-21 11:30:46.443root 11241100x8000000000000000535920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838069dbdaeecd7c2021-12-21 11:30:46.443root 11241100x8000000000000000535921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f9ebd5cc4802ba2021-12-21 11:30:46.443root 11241100x8000000000000000535922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de691b8a6579df5c2021-12-21 11:30:46.444root 11241100x8000000000000000535923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b928412ed3d8cdb82021-12-21 11:30:46.444root 11241100x8000000000000000535924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41a26f09b3db4472021-12-21 11:30:46.444root 11241100x8000000000000000535925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd0560dd50519c52021-12-21 11:30:46.444root 11241100x8000000000000000535926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cfefd505a46d192021-12-21 11:30:46.444root 11241100x8000000000000000535927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f34374f7f5d47952021-12-21 11:30:46.444root 11241100x8000000000000000535928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd71090f3775589a2021-12-21 11:30:46.444root 11241100x8000000000000000535929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24519dfdf52e7922021-12-21 11:30:46.444root 11241100x8000000000000000535930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ea15ad95ebebff2021-12-21 11:30:46.444root 11241100x8000000000000000535931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d89f66d86db1fd32021-12-21 11:30:46.444root 11241100x8000000000000000535932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dd6dc63694b0bb2021-12-21 11:30:46.943root 11241100x8000000000000000535933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5ea9c4a36ddf842021-12-21 11:30:46.943root 11241100x8000000000000000535934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366f17b544572a222021-12-21 11:30:46.943root 11241100x8000000000000000535935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c316a6ab067257c2021-12-21 11:30:46.943root 11241100x8000000000000000535936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cf7f28f917e8132021-12-21 11:30:46.943root 11241100x8000000000000000535937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6175a7bc06730e9b2021-12-21 11:30:46.943root 11241100x8000000000000000535938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdc3765535ef0b52021-12-21 11:30:46.944root 11241100x8000000000000000535939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e263635e0ff01792021-12-21 11:30:46.944root 11241100x8000000000000000535940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80b735d588071002021-12-21 11:30:46.944root 11241100x8000000000000000535941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae13378c91ff49662021-12-21 11:30:46.944root 11241100x8000000000000000535942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd6fa55d74bd3862021-12-21 11:30:46.944root 11241100x8000000000000000535943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8279a0fdfd56d32021-12-21 11:30:46.944root 11241100x8000000000000000535944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf97c95a1f1d8992021-12-21 11:30:46.944root 11241100x8000000000000000535945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ca512923d9d9ef2021-12-21 11:30:46.944root 11241100x8000000000000000535946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfb11729f83705a2021-12-21 11:30:46.944root 11241100x8000000000000000535947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a108f99a1483d7492021-12-21 11:30:46.944root 11241100x8000000000000000535948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428b1b152a1e43fb2021-12-21 11:30:47.443root 11241100x8000000000000000535949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99e4b6ceb7f573f2021-12-21 11:30:47.443root 11241100x8000000000000000535950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61567370540fa0122021-12-21 11:30:47.443root 11241100x8000000000000000535951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619038db35f9eefc2021-12-21 11:30:47.443root 11241100x8000000000000000535952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380e87906bc76f3b2021-12-21 11:30:47.443root 11241100x8000000000000000535953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28490d0a5b37b3472021-12-21 11:30:47.443root 11241100x8000000000000000535954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77ce0625e58f2b32021-12-21 11:30:47.444root 11241100x8000000000000000535955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be8fcc77f2060072021-12-21 11:30:47.444root 11241100x8000000000000000535956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572242e84d4edac92021-12-21 11:30:47.444root 11241100x8000000000000000535957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d547e26cc1a6b27b2021-12-21 11:30:47.444root 11241100x8000000000000000535958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8619911341eb10662021-12-21 11:30:47.444root 11241100x8000000000000000535959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17ffe0fb87e8a3d2021-12-21 11:30:47.444root 11241100x8000000000000000535960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c80c0f18cbbac752021-12-21 11:30:47.444root 11241100x8000000000000000535961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27240c2bb6968b992021-12-21 11:30:47.444root 11241100x8000000000000000535962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1ebac1d399e96c2021-12-21 11:30:47.444root 11241100x8000000000000000535963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3451a2c738b3f66c2021-12-21 11:30:47.444root 11241100x8000000000000000535964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1eada5b6a96693c2021-12-21 11:30:47.944root 11241100x8000000000000000535965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0082d05d0a1fdc262021-12-21 11:30:47.944root 11241100x8000000000000000535966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d353fa8033078522021-12-21 11:30:47.944root 11241100x8000000000000000535967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa7af6359e40f652021-12-21 11:30:47.944root 11241100x8000000000000000535968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf422e890e756f62021-12-21 11:30:47.944root 11241100x8000000000000000535969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a36e247fa4cae0a2021-12-21 11:30:47.944root 11241100x8000000000000000535970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe84fcfd44a00852021-12-21 11:30:47.944root 11241100x8000000000000000535971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49426202e7da719f2021-12-21 11:30:47.944root 11241100x8000000000000000535972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35fa8d4034e99db2021-12-21 11:30:47.944root 11241100x8000000000000000535973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724592c659e4e8162021-12-21 11:30:47.945root 11241100x8000000000000000535974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2460dff2234fd01c2021-12-21 11:30:47.945root 11241100x8000000000000000535975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c633db05125dcdbf2021-12-21 11:30:47.945root 11241100x8000000000000000535976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7506110c8be4b3b2021-12-21 11:30:47.945root 11241100x8000000000000000535977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97ee550fb66a39f2021-12-21 11:30:47.945root 11241100x8000000000000000535978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e65b6e656dcccd52021-12-21 11:30:47.945root 11241100x8000000000000000535979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bb0874c66686ab2021-12-21 11:30:47.945root 11241100x8000000000000000535980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869d676e42e15f592021-12-21 11:30:48.443root 11241100x8000000000000000535981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1db8e398085edb2021-12-21 11:30:48.443root 11241100x8000000000000000535982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7edd6e0e88693462021-12-21 11:30:48.443root 11241100x8000000000000000535983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fde869a77c7d5b2021-12-21 11:30:48.443root 11241100x8000000000000000535984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8fe96d0bc3b3b42021-12-21 11:30:48.443root 11241100x8000000000000000535985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea8ed4465e8b06e2021-12-21 11:30:48.444root 11241100x8000000000000000535986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46926696ed2e4b692021-12-21 11:30:48.444root 11241100x8000000000000000535987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b64bb0c10432f92021-12-21 11:30:48.444root 11241100x8000000000000000535988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317d425ab7ba7f622021-12-21 11:30:48.444root 11241100x8000000000000000535989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb29df325aac1e52021-12-21 11:30:48.444root 11241100x8000000000000000535990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a396d09a2750eef12021-12-21 11:30:48.444root 11241100x8000000000000000535991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a4b39b458f7df62021-12-21 11:30:48.444root 11241100x8000000000000000535992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad86b536a5386392021-12-21 11:30:48.444root 11241100x8000000000000000535993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb66bc757147ff6a2021-12-21 11:30:48.444root 11241100x8000000000000000535994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d19229fb4d7adb42021-12-21 11:30:48.444root 11241100x8000000000000000535995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5975e0e913a933a72021-12-21 11:30:48.444root 11241100x8000000000000000535996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9621fd6d0ed160b92021-12-21 11:30:48.943root 11241100x8000000000000000535997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f526150fdb6d7d2021-12-21 11:30:48.943root 11241100x8000000000000000535998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509c745219971cf12021-12-21 11:30:48.943root 11241100x8000000000000000535999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8dca9762c8878612021-12-21 11:30:48.943root 11241100x8000000000000000536000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35063ffeba12d832021-12-21 11:30:48.943root 11241100x8000000000000000536001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9aea8f9bd087ca12021-12-21 11:30:48.943root 11241100x8000000000000000536002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08645d500b4b85ec2021-12-21 11:30:48.944root 11241100x8000000000000000536003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e72d1f4cc9b3012021-12-21 11:30:48.944root 11241100x8000000000000000536004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ca1b49b9b6f1b92021-12-21 11:30:48.944root 11241100x8000000000000000536005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be73a56f0a067642021-12-21 11:30:48.944root 11241100x8000000000000000536006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0c2d5a11bf5c152021-12-21 11:30:48.944root 11241100x8000000000000000536007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c342f952c9bee52021-12-21 11:30:48.944root 11241100x8000000000000000536008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eca7a0f81fc8ac32021-12-21 11:30:48.944root 11241100x8000000000000000536009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d684727cd640752c2021-12-21 11:30:48.944root 11241100x8000000000000000536010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3006dd528187adeb2021-12-21 11:30:48.944root 11241100x8000000000000000536011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099d6767ec28517a2021-12-21 11:30:48.944root 354300x8000000000000000536012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.014{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48646-false10.0.1.12-8000- 11241100x8000000000000000536013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64d38a2d09c7cf02021-12-21 11:30:49.443root 11241100x8000000000000000536014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbcbc7de6b42b6e2021-12-21 11:30:49.443root 11241100x8000000000000000536015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b461e3481cbae22021-12-21 11:30:49.443root 11241100x8000000000000000536016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a780f6960748e50e2021-12-21 11:30:49.443root 11241100x8000000000000000536017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4023444288a151632021-12-21 11:30:49.443root 11241100x8000000000000000536018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04da81619ebe04e32021-12-21 11:30:49.444root 11241100x8000000000000000536019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bc7de2d88970732021-12-21 11:30:49.444root 11241100x8000000000000000536020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4f0dd99200201e2021-12-21 11:30:49.444root 11241100x8000000000000000536021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3299b156c85250a2021-12-21 11:30:49.444root 11241100x8000000000000000536022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272e2963547b05ee2021-12-21 11:30:49.444root 11241100x8000000000000000536023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d941880acf3e142021-12-21 11:30:49.444root 11241100x8000000000000000536024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2910a0f983a3565a2021-12-21 11:30:49.444root 11241100x8000000000000000536025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ff1bf88b08aa612021-12-21 11:30:49.444root 11241100x8000000000000000536026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81d898ae2afde392021-12-21 11:30:49.444root 11241100x8000000000000000536027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2fff18729c9beb2021-12-21 11:30:49.444root 11241100x8000000000000000536028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff7d5516b6c69632021-12-21 11:30:49.444root 11241100x8000000000000000536029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef14fc76762df462021-12-21 11:30:49.444root 11241100x8000000000000000536030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8e6845695475c72021-12-21 11:30:49.943root 11241100x8000000000000000536031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395380622cd7a4a32021-12-21 11:30:49.943root 11241100x8000000000000000536032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502239a45f62b2d82021-12-21 11:30:49.943root 11241100x8000000000000000536033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cdcbe0f61bd78b52021-12-21 11:30:49.943root 11241100x8000000000000000536034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d9b04a98be4f7c2021-12-21 11:30:49.943root 11241100x8000000000000000536035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ea93dae814b2ec2021-12-21 11:30:49.944root 11241100x8000000000000000536036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4765679aac8410502021-12-21 11:30:49.944root 11241100x8000000000000000536037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a36fc663b7da092021-12-21 11:30:49.944root 11241100x8000000000000000536038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f15f7576f0b8dff2021-12-21 11:30:49.944root 11241100x8000000000000000536039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a008a1cbd27b6cf32021-12-21 11:30:49.944root 11241100x8000000000000000536040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3710d6b9742561242021-12-21 11:30:49.944root 11241100x8000000000000000536041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8523bb3fa27c8d5d2021-12-21 11:30:49.944root 11241100x8000000000000000536042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef070c072c1d14172021-12-21 11:30:49.944root 11241100x8000000000000000536043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d12d227da4e97402021-12-21 11:30:49.944root 11241100x8000000000000000536044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d97566fafee0402021-12-21 11:30:49.944root 11241100x8000000000000000536045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bede1550851c5212021-12-21 11:30:49.944root 11241100x8000000000000000536046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cba7396038152b2021-12-21 11:30:49.944root 11241100x8000000000000000536047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6480353b2776ebc2021-12-21 11:30:50.443root 11241100x8000000000000000536048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a4f6a96726fcec2021-12-21 11:30:50.443root 11241100x8000000000000000536049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedd17086ce546612021-12-21 11:30:50.443root 11241100x8000000000000000536050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2cc925397161bf2021-12-21 11:30:50.443root 11241100x8000000000000000536051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe71afa7f475ce642021-12-21 11:30:50.444root 11241100x8000000000000000536052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5544776db698e26b2021-12-21 11:30:50.444root 11241100x8000000000000000536053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c90856125f578e2021-12-21 11:30:50.444root 11241100x8000000000000000536054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f44f28755a21d32021-12-21 11:30:50.444root 11241100x8000000000000000536055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab50905c82867c122021-12-21 11:30:50.444root 11241100x8000000000000000536056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ff764af9e8c99a2021-12-21 11:30:50.444root 11241100x8000000000000000536057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cb6efeb28926372021-12-21 11:30:50.444root 11241100x8000000000000000536058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a8d4d4865ed1e82021-12-21 11:30:50.444root 11241100x8000000000000000536059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbbaf48ab68f32d2021-12-21 11:30:50.444root 11241100x8000000000000000536060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d112347b17235162021-12-21 11:30:50.444root 11241100x8000000000000000536061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd33e882356ed592021-12-21 11:30:50.444root 11241100x8000000000000000536062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5752fc81dd4b62252021-12-21 11:30:50.445root 11241100x8000000000000000536063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b03e4ca01b8eefe2021-12-21 11:30:50.445root 11241100x8000000000000000536064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a21bb86c81f69f2021-12-21 11:30:50.943root 11241100x8000000000000000536065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c555cd7a467adc7e2021-12-21 11:30:50.943root 11241100x8000000000000000536066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c262c863357fd5c62021-12-21 11:30:50.943root 11241100x8000000000000000536067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a009de2639b355172021-12-21 11:30:50.943root 11241100x8000000000000000536068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ec3ca7c9b04dc02021-12-21 11:30:50.944root 11241100x8000000000000000536069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88c97a59fab16a22021-12-21 11:30:50.944root 11241100x8000000000000000536070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38794693b10f71a92021-12-21 11:30:50.944root 11241100x8000000000000000536071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427d1b5becce5b492021-12-21 11:30:50.944root 11241100x8000000000000000536072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd437a744679517e2021-12-21 11:30:50.944root 11241100x8000000000000000536073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cd7903ed7189a72021-12-21 11:30:50.944root 11241100x8000000000000000536074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7414227575b202642021-12-21 11:30:50.944root 11241100x8000000000000000536075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f469645b2624a82021-12-21 11:30:50.944root 11241100x8000000000000000536076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c909d1421e484ec2021-12-21 11:30:50.944root 11241100x8000000000000000536077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f9ce48bd056a432021-12-21 11:30:50.944root 11241100x8000000000000000536078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cdbb42831be49792021-12-21 11:30:50.944root 11241100x8000000000000000536079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6086231d8177eb3d2021-12-21 11:30:50.944root 11241100x8000000000000000536080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14af8eb4b272d7d72021-12-21 11:30:50.944root 11241100x8000000000000000536081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5a9ac7a55ab0c72021-12-21 11:30:51.443root 11241100x8000000000000000536082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3905e7efcc2ef782021-12-21 11:30:51.443root 11241100x8000000000000000536083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c212008c7d84ca542021-12-21 11:30:51.443root 11241100x8000000000000000536084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5915925b0b1be3882021-12-21 11:30:51.443root 11241100x8000000000000000536085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e26c6294cefc912021-12-21 11:30:51.444root 11241100x8000000000000000536086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1befb29ab9b54f2021-12-21 11:30:51.444root 11241100x8000000000000000536087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587a6c99343694182021-12-21 11:30:51.444root 11241100x8000000000000000536088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704f8bf11538ed2d2021-12-21 11:30:51.444root 11241100x8000000000000000536089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd6415446a37b302021-12-21 11:30:51.444root 11241100x8000000000000000536090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312111e93bdefcde2021-12-21 11:30:51.444root 11241100x8000000000000000536091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5089904c1da3bc5d2021-12-21 11:30:51.444root 11241100x8000000000000000536092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f425fc0a556300e92021-12-21 11:30:51.444root 11241100x8000000000000000536093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78543ec57fcad57a2021-12-21 11:30:51.444root 11241100x8000000000000000536094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b5d2c30ec919d82021-12-21 11:30:51.444root 11241100x8000000000000000536095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73169544d8cbd0d2021-12-21 11:30:51.444root 11241100x8000000000000000536096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c163347e51a857992021-12-21 11:30:51.445root 11241100x8000000000000000536097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2aa4cccb7fb037c2021-12-21 11:30:51.445root 11241100x8000000000000000536098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd2907cfd7f37b02021-12-21 11:30:51.943root 11241100x8000000000000000536099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ef964d75bc7fdc2021-12-21 11:30:51.943root 11241100x8000000000000000536100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ecf55b264fa6bc2021-12-21 11:30:51.943root 11241100x8000000000000000536101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a0af390355d60c2021-12-21 11:30:51.943root 11241100x8000000000000000536102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abd66b867fb082d2021-12-21 11:30:51.943root 11241100x8000000000000000536103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65567ddb0fe2443d2021-12-21 11:30:51.944root 11241100x8000000000000000536104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05867b820302086a2021-12-21 11:30:51.944root 11241100x8000000000000000536105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c06dc00ef60d1b2021-12-21 11:30:51.944root 11241100x8000000000000000536106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b469df0ab3f3022021-12-21 11:30:51.944root 11241100x8000000000000000536107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf22aca28ead6622021-12-21 11:30:51.944root 11241100x8000000000000000536108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1782d5fe38ab9fd42021-12-21 11:30:51.944root 11241100x8000000000000000536109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed7a3089add310a2021-12-21 11:30:51.944root 11241100x8000000000000000536110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fff2c4744622b62021-12-21 11:30:51.944root 11241100x8000000000000000536111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6f5cc5adc2dadd2021-12-21 11:30:51.944root 11241100x8000000000000000536112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2d6fd52ae0a7692021-12-21 11:30:51.944root 11241100x8000000000000000536113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e7dbf7f7e847722021-12-21 11:30:51.944root 11241100x8000000000000000536114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e8c4d94124b2412021-12-21 11:30:51.944root 11241100x8000000000000000536115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c267927ae673ac192021-12-21 11:30:52.443root 11241100x8000000000000000536116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01843d113c2c20642021-12-21 11:30:52.443root 11241100x8000000000000000536117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b6425953ded1f02021-12-21 11:30:52.443root 11241100x8000000000000000536118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c235b6b7689f8e2021-12-21 11:30:52.443root 11241100x8000000000000000536119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5114e9239d6da84e2021-12-21 11:30:52.443root 11241100x8000000000000000536120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e32370648bca48b2021-12-21 11:30:52.443root 11241100x8000000000000000536121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad2a7c0aacf89aa2021-12-21 11:30:52.444root 11241100x8000000000000000536122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af07a7784283df302021-12-21 11:30:52.444root 11241100x8000000000000000536123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a124982d121edb02021-12-21 11:30:52.444root 11241100x8000000000000000536124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5ad19e6b2df6902021-12-21 11:30:52.444root 11241100x8000000000000000536125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7edf3e17ad8579f2021-12-21 11:30:52.444root 11241100x8000000000000000536126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf0a3f79e8f91052021-12-21 11:30:52.444root 11241100x8000000000000000536127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581ae821ecdc522d2021-12-21 11:30:52.444root 11241100x8000000000000000536128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1655a4fe8f199112021-12-21 11:30:52.444root 11241100x8000000000000000536129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f19370571807d92021-12-21 11:30:52.444root 11241100x8000000000000000536130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5736bfdba9271d22021-12-21 11:30:52.444root 11241100x8000000000000000536131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d168b3e8da44c56b2021-12-21 11:30:52.444root 11241100x8000000000000000536132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a4e5780159b2e32021-12-21 11:30:52.943root 11241100x8000000000000000536133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9301d51071d31a752021-12-21 11:30:52.943root 11241100x8000000000000000536134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52d445e804926432021-12-21 11:30:52.943root 11241100x8000000000000000536135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a9b5cd53f51fb52021-12-21 11:30:52.943root 11241100x8000000000000000536136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c029b56d87b031682021-12-21 11:30:52.944root 11241100x8000000000000000536137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89bd4da89ab9ffb2021-12-21 11:30:52.944root 11241100x8000000000000000536138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdcbd59fbfa7da82021-12-21 11:30:52.944root 11241100x8000000000000000536139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315728c0773ffbcb2021-12-21 11:30:52.944root 11241100x8000000000000000536140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecf708882660a742021-12-21 11:30:52.944root 11241100x8000000000000000536141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d148451eace50e7c2021-12-21 11:30:52.944root 11241100x8000000000000000536142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0459b19159768d592021-12-21 11:30:52.944root 11241100x8000000000000000536143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd96ad4c6bde8332021-12-21 11:30:52.944root 11241100x8000000000000000536144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b94d39bb828d792021-12-21 11:30:52.944root 11241100x8000000000000000536145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb259f6a0a2ed8b2021-12-21 11:30:52.944root 11241100x8000000000000000536146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6b17007e17e5282021-12-21 11:30:52.944root 11241100x8000000000000000536147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010485996e69fa722021-12-21 11:30:52.944root 11241100x8000000000000000536148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f76730dccb1d1b22021-12-21 11:30:52.944root 11241100x8000000000000000536149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8daa30c40af94f62021-12-21 11:30:53.443root 11241100x8000000000000000536150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e915cc7b13dfa92021-12-21 11:30:53.443root 11241100x8000000000000000536151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbb3834a1b548072021-12-21 11:30:53.443root 11241100x8000000000000000536152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5493c3f51f7b56c2021-12-21 11:30:53.443root 11241100x8000000000000000536153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399bbc23722a7b402021-12-21 11:30:53.443root 11241100x8000000000000000536154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70866804f6602402021-12-21 11:30:53.443root 11241100x8000000000000000536155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6059d4abd0a483c2021-12-21 11:30:53.444root 11241100x8000000000000000536156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e67f08faf14152b2021-12-21 11:30:53.444root 11241100x8000000000000000536157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90100ba286a83efb2021-12-21 11:30:53.444root 11241100x8000000000000000536158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71cc037cf98cde42021-12-21 11:30:53.444root 11241100x8000000000000000536159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b0fea271d13fa42021-12-21 11:30:53.444root 11241100x8000000000000000536160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15172a41500b14922021-12-21 11:30:53.444root 11241100x8000000000000000536161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1244269f74e4b3fe2021-12-21 11:30:53.444root 11241100x8000000000000000536162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d09df4f2fa1c0172021-12-21 11:30:53.444root 11241100x8000000000000000536163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f523f800a875e862021-12-21 11:30:53.444root 11241100x8000000000000000536164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704d827827ce05852021-12-21 11:30:53.444root 11241100x8000000000000000536165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8595f47ac77783922021-12-21 11:30:53.444root 11241100x8000000000000000536166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcdd4510d90be8f2021-12-21 11:30:53.943root 11241100x8000000000000000536167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24e41d71ced5b3d2021-12-21 11:30:53.943root 11241100x8000000000000000536168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb210c9791ee6e402021-12-21 11:30:53.943root 11241100x8000000000000000536169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13e94c5a6cb56412021-12-21 11:30:53.943root 11241100x8000000000000000536170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d467a903cf849302021-12-21 11:30:53.943root 11241100x8000000000000000536171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a750b3de228e7b42021-12-21 11:30:53.943root 11241100x8000000000000000536172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe421c10e6c04a82021-12-21 11:30:53.944root 11241100x8000000000000000536173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4652386663f1239c2021-12-21 11:30:53.944root 11241100x8000000000000000536174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bc2c57b15103852021-12-21 11:30:53.944root 11241100x8000000000000000536175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9962bcd2b37f5802021-12-21 11:30:53.944root 11241100x8000000000000000536176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e96690df9d0ed302021-12-21 11:30:53.944root 11241100x8000000000000000536177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71da2086fea875e2021-12-21 11:30:53.944root 11241100x8000000000000000536178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a0f6ed5214951c2021-12-21 11:30:53.944root 11241100x8000000000000000536179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c439060296306b052021-12-21 11:30:53.944root 11241100x8000000000000000536180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431662f5f6eb44272021-12-21 11:30:53.944root 11241100x8000000000000000536181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f880431e9fcb7a92021-12-21 11:30:53.944root 11241100x8000000000000000536182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0db48a1c40ae86e2021-12-21 11:30:53.944root 354300x8000000000000000536183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.093{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48648-false10.0.1.12-8000- 11241100x8000000000000000536184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8cf6cb01944c8f2021-12-21 11:30:54.443root 11241100x8000000000000000536185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc439fe8a2647d62021-12-21 11:30:54.443root 11241100x8000000000000000536186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714a9f5ea70702632021-12-21 11:30:54.443root 11241100x8000000000000000536187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3107516e823dbf972021-12-21 11:30:54.443root 11241100x8000000000000000536188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285c2c49c43b29882021-12-21 11:30:54.444root 11241100x8000000000000000536189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1019674a50a7c22021-12-21 11:30:54.444root 11241100x8000000000000000536190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41637f20a3bb79c62021-12-21 11:30:54.444root 11241100x8000000000000000536191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4602f5e14ba89682021-12-21 11:30:54.444root 11241100x8000000000000000536192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5edb1748a8a82c82021-12-21 11:30:54.444root 11241100x8000000000000000536193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46d9a59a66f302b2021-12-21 11:30:54.444root 11241100x8000000000000000536194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392e9cdc6dc6e36f2021-12-21 11:30:54.444root 11241100x8000000000000000536195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9836b9b13948ab2021-12-21 11:30:54.444root 11241100x8000000000000000536196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ea1f692a853cd32021-12-21 11:30:54.444root 11241100x8000000000000000536197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13d513cdeaac0152021-12-21 11:30:54.444root 11241100x8000000000000000536198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083bd8010b02927f2021-12-21 11:30:54.444root 11241100x8000000000000000536199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa118dee37a019222021-12-21 11:30:54.444root 11241100x8000000000000000536200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a20361762b1bd8f2021-12-21 11:30:54.444root 11241100x8000000000000000536201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1ca4446f1215002021-12-21 11:30:54.444root 11241100x8000000000000000536202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1fc472617f11102021-12-21 11:30:54.943root 11241100x8000000000000000536203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253663ea67ee98dc2021-12-21 11:30:54.943root 11241100x8000000000000000536204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c7b51e4344202b2021-12-21 11:30:54.943root 11241100x8000000000000000536205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525c8c840aaa64e92021-12-21 11:30:54.943root 11241100x8000000000000000536206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abcd8b51a1457ee2021-12-21 11:30:54.943root 11241100x8000000000000000536207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951908ce206b3e832021-12-21 11:30:54.944root 11241100x8000000000000000536208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721d802072411f2b2021-12-21 11:30:54.944root 11241100x8000000000000000536209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebc7fba3adc53252021-12-21 11:30:54.944root 11241100x8000000000000000536210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e122c574d157112021-12-21 11:30:54.944root 11241100x8000000000000000536211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767512e7d02ba23c2021-12-21 11:30:54.944root 11241100x8000000000000000536212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5bfebe6eba69092021-12-21 11:30:54.944root 11241100x8000000000000000536213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5ebeabd4bd5cc82021-12-21 11:30:54.944root 11241100x8000000000000000536214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7c50c82716eda52021-12-21 11:30:54.944root 11241100x8000000000000000536215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8db6ebf53464aae2021-12-21 11:30:54.944root 11241100x8000000000000000536216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff508aa66ca5946e2021-12-21 11:30:54.944root 11241100x8000000000000000536217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dafc05a6296bae22021-12-21 11:30:54.944root 11241100x8000000000000000536218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770c0fa533b2bad32021-12-21 11:30:54.944root 11241100x8000000000000000536219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a807220c35e71b2021-12-21 11:30:54.944root 11241100x8000000000000000536220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef174aaccc119f22021-12-21 11:30:55.443root 11241100x8000000000000000536221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a589aee0b86f806c2021-12-21 11:30:55.443root 11241100x8000000000000000536222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7bd0173d3f08e22021-12-21 11:30:55.444root 11241100x8000000000000000536223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840d7deadee5b2e12021-12-21 11:30:55.444root 11241100x8000000000000000536224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c3ad12b4a70d2d2021-12-21 11:30:55.444root 11241100x8000000000000000536225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2914a0f3b8b4ffa42021-12-21 11:30:55.444root 11241100x8000000000000000536226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8abfcb1f1c00dd2021-12-21 11:30:55.444root 11241100x8000000000000000536227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811d90306b3a921c2021-12-21 11:30:55.444root 11241100x8000000000000000536228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7587fbc9b12cb5012021-12-21 11:30:55.444root 11241100x8000000000000000536229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a83829280e0e912021-12-21 11:30:55.444root 11241100x8000000000000000536230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94289908358c4ebf2021-12-21 11:30:55.444root 11241100x8000000000000000536231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54a1e2d0a69a7b02021-12-21 11:30:55.444root 11241100x8000000000000000536232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d279f86c555c0dc2021-12-21 11:30:55.444root 11241100x8000000000000000536233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb64515c97640a822021-12-21 11:30:55.444root 11241100x8000000000000000536234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f15ae01cd6429f92021-12-21 11:30:55.444root 11241100x8000000000000000536235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18b80c507bb34512021-12-21 11:30:55.444root 11241100x8000000000000000536236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f609a762cb60fcdf2021-12-21 11:30:55.444root 11241100x8000000000000000536237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b2637f1ae032422021-12-21 11:30:55.445root 11241100x8000000000000000536238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76b21839f8ed0192021-12-21 11:30:55.943root 11241100x8000000000000000536239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa2aa3169f7dfa32021-12-21 11:30:55.943root 11241100x8000000000000000536240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c60de8dd9074552021-12-21 11:30:55.943root 11241100x8000000000000000536241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff942c8fc8e4eba02021-12-21 11:30:55.943root 11241100x8000000000000000536242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a47cd4b364e4e22021-12-21 11:30:55.943root 11241100x8000000000000000536243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a19d701fa8e9712021-12-21 11:30:55.944root 11241100x8000000000000000536244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab60eacb4960d12e2021-12-21 11:30:55.944root 11241100x8000000000000000536245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a3d434978f86c42021-12-21 11:30:55.944root 11241100x8000000000000000536246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060ec4dd5b3303592021-12-21 11:30:55.944root 11241100x8000000000000000536247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3b30137fc31f232021-12-21 11:30:55.944root 11241100x8000000000000000536248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e533dc745b83a4bb2021-12-21 11:30:55.944root 11241100x8000000000000000536249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fd957e4ac4c7cd2021-12-21 11:30:55.944root 11241100x8000000000000000536250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28562361ab3e40a72021-12-21 11:30:55.944root 11241100x8000000000000000536251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1becc68eec066cfe2021-12-21 11:30:55.944root 11241100x8000000000000000536252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3b98ce0e9849bb2021-12-21 11:30:55.944root 11241100x8000000000000000536253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e984fecb69539b02021-12-21 11:30:55.944root 11241100x8000000000000000536254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0723b480bcf0a4082021-12-21 11:30:55.944root 11241100x8000000000000000536255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def21e8d597c4a492021-12-21 11:30:55.944root 11241100x8000000000000000536256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c5d31105d117ca2021-12-21 11:30:56.443root 11241100x8000000000000000536257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc7a55799f941a62021-12-21 11:30:56.443root 11241100x8000000000000000536258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e208df6f1037f62021-12-21 11:30:56.443root 11241100x8000000000000000536259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534004217f17126a2021-12-21 11:30:56.443root 11241100x8000000000000000536260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ae7f22446bd5252021-12-21 11:30:56.443root 11241100x8000000000000000536261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0031477867cd6d92021-12-21 11:30:56.444root 11241100x8000000000000000536262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bcec6593a1ff602021-12-21 11:30:56.444root 11241100x8000000000000000536263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb863f8c71e6632b2021-12-21 11:30:56.444root 11241100x8000000000000000536264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7004e58d658cbd152021-12-21 11:30:56.444root 11241100x8000000000000000536265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0232658a08653a5a2021-12-21 11:30:56.444root 11241100x8000000000000000536266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664de0ff7dab873f2021-12-21 11:30:56.444root 11241100x8000000000000000536267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca17947b42930762021-12-21 11:30:56.444root 11241100x8000000000000000536268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b39c2c0bd39114e2021-12-21 11:30:56.444root 11241100x8000000000000000536269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4885a606072ae35b2021-12-21 11:30:56.444root 11241100x8000000000000000536270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a16118c68bef142021-12-21 11:30:56.444root 11241100x8000000000000000536271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ac385a1b10caa52021-12-21 11:30:56.444root 11241100x8000000000000000536272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e523ddfb7eefeff02021-12-21 11:30:56.444root 11241100x8000000000000000536273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880d6ce3fc9eb1872021-12-21 11:30:56.444root 11241100x8000000000000000536274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165e08326aebc6b22021-12-21 11:30:56.943root 11241100x8000000000000000536275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6647f61a8610f12021-12-21 11:30:56.943root 11241100x8000000000000000536276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1864f1fd239087ff2021-12-21 11:30:56.943root 11241100x8000000000000000536277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2aabb056e4f9a822021-12-21 11:30:56.943root 11241100x8000000000000000536278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c042ecedc8b1da2021-12-21 11:30:56.943root 11241100x8000000000000000536279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e97b05c95b4bbff2021-12-21 11:30:56.944root 11241100x8000000000000000536280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f80b5a1547785f42021-12-21 11:30:56.944root 11241100x8000000000000000536281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11880df01b0b44db2021-12-21 11:30:56.944root 11241100x8000000000000000536282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1193ad2fcd88aa2021-12-21 11:30:56.944root 11241100x8000000000000000536283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2345fa65d85007722021-12-21 11:30:56.944root 11241100x8000000000000000536284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb07b67d307403d62021-12-21 11:30:56.944root 11241100x8000000000000000536285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5768c1b0123e24c42021-12-21 11:30:56.944root 11241100x8000000000000000536286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b358e75ead6b842021-12-21 11:30:56.944root 11241100x8000000000000000536287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6848c56463a0262021-12-21 11:30:56.944root 11241100x8000000000000000536288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbf65261867827f2021-12-21 11:30:56.944root 11241100x8000000000000000536289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf88fe245ab03f272021-12-21 11:30:56.944root 11241100x8000000000000000536290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d290dd93d188ee6a2021-12-21 11:30:56.944root 11241100x8000000000000000536291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58133d68ea8d70f2021-12-21 11:30:56.944root 11241100x8000000000000000536292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebf69c3558bc4712021-12-21 11:30:57.443root 11241100x8000000000000000536293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2429ca4d9e5d26912021-12-21 11:30:57.443root 11241100x8000000000000000536294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4bd3dc0887baf22021-12-21 11:30:57.443root 11241100x8000000000000000536295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb15c0a1834839c62021-12-21 11:30:57.443root 11241100x8000000000000000536296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df18a868a9285e62021-12-21 11:30:57.443root 11241100x8000000000000000536297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3619c7e9c3969b2021-12-21 11:30:57.444root 11241100x8000000000000000536298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107547535ef0d4062021-12-21 11:30:57.444root 11241100x8000000000000000536299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66f4f6185b38dcd2021-12-21 11:30:57.444root 11241100x8000000000000000536300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd063272d570fc6d2021-12-21 11:30:57.444root 11241100x8000000000000000536301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b622d3c567c0827e2021-12-21 11:30:57.444root 11241100x8000000000000000536302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3b7eb9266609312021-12-21 11:30:57.444root 11241100x8000000000000000536303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b245cb7994e8ec642021-12-21 11:30:57.444root 11241100x8000000000000000536304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc06a9623a6a3f452021-12-21 11:30:57.444root 11241100x8000000000000000536305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fb4c5747b8aa392021-12-21 11:30:57.444root 11241100x8000000000000000536306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff57ed2a10a778da2021-12-21 11:30:57.444root 11241100x8000000000000000536307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8858d3faf7deb0b2021-12-21 11:30:57.444root 11241100x8000000000000000536308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a1a967c5515cff2021-12-21 11:30:57.444root 11241100x8000000000000000536309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec70f113b68988992021-12-21 11:30:57.444root 11241100x8000000000000000536310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee00298a7d6e5ef2021-12-21 11:30:57.943root 11241100x8000000000000000536311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59e82541d4b253f2021-12-21 11:30:57.943root 11241100x8000000000000000536312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104951ac57b8b9302021-12-21 11:30:57.944root 11241100x8000000000000000536313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cf61cd05ebdb962021-12-21 11:30:57.944root 11241100x8000000000000000536314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147442624a4f796a2021-12-21 11:30:57.944root 11241100x8000000000000000536315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e73eebfefec685b2021-12-21 11:30:57.944root 11241100x8000000000000000536316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9189101eebb6ea8e2021-12-21 11:30:57.944root 11241100x8000000000000000536317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da68a54c8b8654602021-12-21 11:30:57.944root 11241100x8000000000000000536318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5a77a2c953b5552021-12-21 11:30:57.944root 11241100x8000000000000000536319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41eca22d9fda16922021-12-21 11:30:57.944root 11241100x8000000000000000536320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53d146a61630e4f2021-12-21 11:30:57.944root 11241100x8000000000000000536321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7e9a8a799924712021-12-21 11:30:57.944root 11241100x8000000000000000536322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fef695c9253a362021-12-21 11:30:57.944root 11241100x8000000000000000536323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866120c1dd0dd6012021-12-21 11:30:57.944root 11241100x8000000000000000536324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae004ca53e5ec6c22021-12-21 11:30:57.944root 11241100x8000000000000000536325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15684961c4f237102021-12-21 11:30:57.944root 11241100x8000000000000000536326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa9405abee7b7662021-12-21 11:30:57.944root 11241100x8000000000000000536327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb87c3a73f5f7812021-12-21 11:30:57.944root 11241100x8000000000000000536328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d61bfd78e587b1b2021-12-21 11:30:58.443root 11241100x8000000000000000536329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1e29e4ef16d1df2021-12-21 11:30:58.443root 11241100x8000000000000000536330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a29be4c38ef07f2021-12-21 11:30:58.443root 11241100x8000000000000000536331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf0212ef6bd68ff2021-12-21 11:30:58.443root 11241100x8000000000000000536332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bad4eab88e67732021-12-21 11:30:58.443root 11241100x8000000000000000536333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a647193202b7abf2021-12-21 11:30:58.444root 11241100x8000000000000000536334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0067eb1f55f8022021-12-21 11:30:58.444root 11241100x8000000000000000536335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c936b73a1267602e2021-12-21 11:30:58.444root 11241100x8000000000000000536336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48a62a53a553ee52021-12-21 11:30:58.444root 11241100x8000000000000000536337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de85de0ff14005c72021-12-21 11:30:58.444root 11241100x8000000000000000536338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31a0e38e24ca43e2021-12-21 11:30:58.444root 11241100x8000000000000000536339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76193bc7ec24a4c42021-12-21 11:30:58.444root 11241100x8000000000000000536340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691b21d6db36cfed2021-12-21 11:30:58.444root 11241100x8000000000000000536341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e5dc54b96896a22021-12-21 11:30:58.444root 11241100x8000000000000000536342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3470ea471f70092021-12-21 11:30:58.444root 11241100x8000000000000000536343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac614a037f618f72021-12-21 11:30:58.444root 11241100x8000000000000000536344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc2d7ad1b7095012021-12-21 11:30:58.444root 11241100x8000000000000000536345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e47ebe9765cc332021-12-21 11:30:58.444root 11241100x8000000000000000536346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3aa3cbcab1580e52021-12-21 11:30:58.943root 11241100x8000000000000000536347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5528b5f7089dbe372021-12-21 11:30:58.943root 11241100x8000000000000000536348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812f25a3046916422021-12-21 11:30:58.943root 11241100x8000000000000000536349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575add82d915d9b22021-12-21 11:30:58.943root 11241100x8000000000000000536350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200121d83929d4fd2021-12-21 11:30:58.943root 11241100x8000000000000000536351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee89387e5bf3d1c62021-12-21 11:30:58.944root 11241100x8000000000000000536352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e6a52c016853d82021-12-21 11:30:58.944root 11241100x8000000000000000536353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2668bfb58086be152021-12-21 11:30:58.944root 11241100x8000000000000000536354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd02efb9f0208cf2021-12-21 11:30:58.944root 11241100x8000000000000000536355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d988d79472ffb212021-12-21 11:30:58.944root 11241100x8000000000000000536356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7fb397dc12b3242021-12-21 11:30:58.944root 11241100x8000000000000000536357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b412fa1a6179132021-12-21 11:30:58.944root 11241100x8000000000000000536358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48731e58d78afd482021-12-21 11:30:58.944root 11241100x8000000000000000536359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b54ff949d7edf52021-12-21 11:30:58.944root 11241100x8000000000000000536360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf73648e99fe4fdb2021-12-21 11:30:58.944root 11241100x8000000000000000536361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c5e821c5adde922021-12-21 11:30:58.944root 11241100x8000000000000000536362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1852ee6f139d01af2021-12-21 11:30:58.944root 11241100x8000000000000000536363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73483562835ada7a2021-12-21 11:30:58.944root 11241100x8000000000000000536364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dca7db36dccea02021-12-21 11:30:59.443root 11241100x8000000000000000536365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ed0366fd1b98352021-12-21 11:30:59.443root 11241100x8000000000000000536366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1489423e615ed1c52021-12-21 11:30:59.443root 11241100x8000000000000000536367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44ae2f6f11ab6452021-12-21 11:30:59.443root 11241100x8000000000000000536368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943eb9bba253a80b2021-12-21 11:30:59.444root 11241100x8000000000000000536369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d915926e85835be2021-12-21 11:30:59.444root 11241100x8000000000000000536370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eabcefc19504ebc2021-12-21 11:30:59.444root 11241100x8000000000000000536371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f01751c5a43ba42021-12-21 11:30:59.444root 11241100x8000000000000000536372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afce23e7171bef812021-12-21 11:30:59.444root 11241100x8000000000000000536373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8787f981a09ea1b62021-12-21 11:30:59.444root 11241100x8000000000000000536374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7b964685aab7f02021-12-21 11:30:59.444root 11241100x8000000000000000536375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2215065c33867ee42021-12-21 11:30:59.444root 11241100x8000000000000000536376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930872a04fe187712021-12-21 11:30:59.444root 11241100x8000000000000000536377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0ef5b4b17c181d2021-12-21 11:30:59.444root 11241100x8000000000000000536378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12063a86a8455942021-12-21 11:30:59.444root 11241100x8000000000000000536379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff72b65d6adb678f2021-12-21 11:30:59.444root 11241100x8000000000000000536380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8d326ccb22b4442021-12-21 11:30:59.444root 11241100x8000000000000000536381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19786d9ab13047092021-12-21 11:30:59.444root 11241100x8000000000000000536382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5d3bd4e19a1d3c2021-12-21 11:30:59.943root 11241100x8000000000000000536383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723c62a9f26984142021-12-21 11:30:59.943root 11241100x8000000000000000536384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f068f826d9c9311a2021-12-21 11:30:59.943root 11241100x8000000000000000536385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8c46ce2fcca7212021-12-21 11:30:59.943root 11241100x8000000000000000536386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b53f3d09576a532021-12-21 11:30:59.943root 11241100x8000000000000000536387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65a8351483788c62021-12-21 11:30:59.944root 11241100x8000000000000000536388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef74d42b66b4fc62021-12-21 11:30:59.944root 11241100x8000000000000000536389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2493245add2ae9f12021-12-21 11:30:59.944root 11241100x8000000000000000536390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b0629f219ed79f2021-12-21 11:30:59.944root 11241100x8000000000000000536391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c790be9f4d3340f2021-12-21 11:30:59.944root 11241100x8000000000000000536392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0b2693550125412021-12-21 11:30:59.944root 11241100x8000000000000000536393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3f3b9b207051992021-12-21 11:30:59.944root 11241100x8000000000000000536394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda85cc4daf697a42021-12-21 11:30:59.944root 11241100x8000000000000000536395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2dd4bf444c1e4f42021-12-21 11:30:59.944root 11241100x8000000000000000536396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea0e9431d3a93c62021-12-21 11:30:59.944root 11241100x8000000000000000536397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f405fc51bf94292a2021-12-21 11:30:59.944root 11241100x8000000000000000536398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be1a16c065958ce2021-12-21 11:30:59.944root 11241100x8000000000000000536399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e9aa377b6ab6062021-12-21 11:30:59.944root 354300x8000000000000000536400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.079{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48650-false10.0.1.12-8000- 11241100x8000000000000000536401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99345b66f1350d342021-12-21 11:31:00.443root 11241100x8000000000000000536402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6d09356900259c2021-12-21 11:31:00.443root 11241100x8000000000000000536403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60bde5d1b44133d2021-12-21 11:31:00.443root 11241100x8000000000000000536404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3808b5f06a6180842021-12-21 11:31:00.444root 11241100x8000000000000000536405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ecf6ce8ef4cfbb2021-12-21 11:31:00.444root 11241100x8000000000000000536406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d38bf4d48d37b492021-12-21 11:31:00.444root 11241100x8000000000000000536407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78b12292471161e2021-12-21 11:31:00.444root 11241100x8000000000000000536408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf7bc2853493d1a2021-12-21 11:31:00.444root 11241100x8000000000000000536409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0095364fa63300c2021-12-21 11:31:00.444root 11241100x8000000000000000536410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9992c0e0b5a4212021-12-21 11:31:00.444root 11241100x8000000000000000536411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53976e00e7520fd2021-12-21 11:31:00.444root 11241100x8000000000000000536412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40592e521b48a4c12021-12-21 11:31:00.444root 11241100x8000000000000000536413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f34eb6fe99227fc2021-12-21 11:31:00.444root 11241100x8000000000000000536414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b87e11a064cfe22021-12-21 11:31:00.444root 11241100x8000000000000000536415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2489f39f4e73af962021-12-21 11:31:00.444root 11241100x8000000000000000536416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdd134b164b14722021-12-21 11:31:00.444root 11241100x8000000000000000536417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02e719758ec14e02021-12-21 11:31:00.444root 11241100x8000000000000000536418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880fe057a56836382021-12-21 11:31:00.444root 11241100x8000000000000000536419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c274a148dc872292021-12-21 11:31:00.445root 11241100x8000000000000000536420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fe0895417f03f92021-12-21 11:31:00.943root 11241100x8000000000000000536421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196b3a54963cbdd12021-12-21 11:31:00.943root 11241100x8000000000000000536422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8d3bf334c2194d2021-12-21 11:31:00.943root 11241100x8000000000000000536423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d4c2008124bc9b2021-12-21 11:31:00.943root 11241100x8000000000000000536424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7320695a6a0639e52021-12-21 11:31:00.944root 11241100x8000000000000000536425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c057cb1a48a4102021-12-21 11:31:00.944root 11241100x8000000000000000536426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37e9d38e6bbe3bb2021-12-21 11:31:00.944root 11241100x8000000000000000536427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a7f791e81fed982021-12-21 11:31:00.944root 11241100x8000000000000000536428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8dcbf0e192818a2021-12-21 11:31:00.944root 11241100x8000000000000000536429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6308207f4d06085f2021-12-21 11:31:00.944root 11241100x8000000000000000536430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f880dd36fe63072021-12-21 11:31:00.944root 11241100x8000000000000000536431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75f5efe2ff7d1912021-12-21 11:31:00.944root 11241100x8000000000000000536432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fe22e681909fa22021-12-21 11:31:00.944root 11241100x8000000000000000536433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd391c772ee875bf2021-12-21 11:31:00.944root 11241100x8000000000000000536434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c516abed53b3f32021-12-21 11:31:00.944root 11241100x8000000000000000536435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a242f36ec40a9c212021-12-21 11:31:00.945root 11241100x8000000000000000536436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35a583674ffe1162021-12-21 11:31:00.945root 11241100x8000000000000000536437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff1cd07d5b1016b2021-12-21 11:31:00.945root 11241100x8000000000000000536438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b21ebc7d8fa46d2021-12-21 11:31:00.945root 11241100x8000000000000000536439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b88c85b9e433d82021-12-21 11:31:01.443root 11241100x8000000000000000536440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ada3bc50a14e992021-12-21 11:31:01.443root 11241100x8000000000000000536441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e256b5a2347441642021-12-21 11:31:01.443root 11241100x8000000000000000536442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ab94ac22ed3fb32021-12-21 11:31:01.443root 11241100x8000000000000000536443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c076d1d6213a4a8e2021-12-21 11:31:01.444root 11241100x8000000000000000536444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f887c730367ff22021-12-21 11:31:01.444root 11241100x8000000000000000536445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000d8d75814924502021-12-21 11:31:01.444root 11241100x8000000000000000536446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f642118880c1df32021-12-21 11:31:01.444root 11241100x8000000000000000536447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bedea40568a29c2021-12-21 11:31:01.444root 11241100x8000000000000000536448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a1d72a0f21d8782021-12-21 11:31:01.444root 11241100x8000000000000000536449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48516c2665ffcb52021-12-21 11:31:01.444root 11241100x8000000000000000536450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e2cad4411794e42021-12-21 11:31:01.444root 11241100x8000000000000000536451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2089c45f7fb8ac662021-12-21 11:31:01.444root 11241100x8000000000000000536452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c6cf019c19eda32021-12-21 11:31:01.444root 11241100x8000000000000000536453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916e2aad23b43ee12021-12-21 11:31:01.444root 11241100x8000000000000000536454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fabf336b5d2b852021-12-21 11:31:01.444root 11241100x8000000000000000536455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb16afb587cb0e12021-12-21 11:31:01.444root 11241100x8000000000000000536456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b51f281fe0de3cb2021-12-21 11:31:01.444root 11241100x8000000000000000536457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872947131eb921262021-12-21 11:31:01.444root 11241100x8000000000000000536458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef002fd54fbb3f2a2021-12-21 11:31:01.943root 11241100x8000000000000000536459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54948aca0414f9ab2021-12-21 11:31:01.943root 11241100x8000000000000000536460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c6f958ca115c2b2021-12-21 11:31:01.943root 11241100x8000000000000000536461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1cf4f0da5953622021-12-21 11:31:01.943root 11241100x8000000000000000536462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c838efb33f517e2021-12-21 11:31:01.944root 11241100x8000000000000000536463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecce9f39acf17722021-12-21 11:31:01.944root 11241100x8000000000000000536464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78aa2a0fcb74d5752021-12-21 11:31:01.944root 11241100x8000000000000000536465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53125b971063a172021-12-21 11:31:01.944root 11241100x8000000000000000536466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca652ff71ff295562021-12-21 11:31:01.944root 11241100x8000000000000000536467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32c91e6c69973642021-12-21 11:31:01.944root 11241100x8000000000000000536468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a137b6efe48a1e2021-12-21 11:31:01.944root 11241100x8000000000000000536469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab0cf83387a79f82021-12-21 11:31:01.944root 11241100x8000000000000000536470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af38be8f629c1962021-12-21 11:31:01.944root 11241100x8000000000000000536471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf03259b9f94a2892021-12-21 11:31:01.944root 11241100x8000000000000000536472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d459f1cf01147ac92021-12-21 11:31:01.944root 11241100x8000000000000000536473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a3e8baea3d00cc2021-12-21 11:31:01.944root 11241100x8000000000000000536474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10576443ddef30e12021-12-21 11:31:01.944root 11241100x8000000000000000536475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649eb4161541074a2021-12-21 11:31:01.944root 11241100x8000000000000000536476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8fb1368cb588b72021-12-21 11:31:01.944root 11241100x8000000000000000536477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e580408fffd8be152021-12-21 11:31:02.443root 11241100x8000000000000000536478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17dcde5791702982021-12-21 11:31:02.443root 11241100x8000000000000000536479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccc4cc6d7e4d8e82021-12-21 11:31:02.443root 11241100x8000000000000000536480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb1f6f486226f0c2021-12-21 11:31:02.443root 11241100x8000000000000000536481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1fea2b4e18d76d2021-12-21 11:31:02.443root 11241100x8000000000000000536482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a437ab74b0eae5072021-12-21 11:31:02.444root 11241100x8000000000000000536483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf9d169c3c987f72021-12-21 11:31:02.444root 11241100x8000000000000000536484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a12ea2e2d8ffa342021-12-21 11:31:02.444root 11241100x8000000000000000536485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed81041b341ac032021-12-21 11:31:02.444root 11241100x8000000000000000536486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dde57f83e0f0f182021-12-21 11:31:02.444root 11241100x8000000000000000536487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab5d829dc587fed2021-12-21 11:31:02.444root 11241100x8000000000000000536488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc196b1218a537b2021-12-21 11:31:02.444root 11241100x8000000000000000536489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6398651717c13d2021-12-21 11:31:02.444root 11241100x8000000000000000536490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8c2fbd6bbc61742021-12-21 11:31:02.444root 11241100x8000000000000000536491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d706e0436f465582021-12-21 11:31:02.444root 11241100x8000000000000000536492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d083ae9b09954d2021-12-21 11:31:02.444root 11241100x8000000000000000536493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c372d59150e61ebf2021-12-21 11:31:02.444root 11241100x8000000000000000536494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c6e8089cd85af12021-12-21 11:31:02.444root 11241100x8000000000000000536495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefbd6210c6553ea2021-12-21 11:31:02.444root 11241100x8000000000000000536496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3c79a51ced1d4c2021-12-21 11:31:02.943root 11241100x8000000000000000536497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afaca544b62334d82021-12-21 11:31:02.943root 11241100x8000000000000000536498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cfacde60d38d91c2021-12-21 11:31:02.943root 11241100x8000000000000000536499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c22dffa879f49ca2021-12-21 11:31:02.943root 11241100x8000000000000000536500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c695df4d857f08322021-12-21 11:31:02.944root 11241100x8000000000000000536501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ee6e04b15dcfed2021-12-21 11:31:02.944root 11241100x8000000000000000536502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed59d80abd743612021-12-21 11:31:02.944root 11241100x8000000000000000536503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432be53141cb99e22021-12-21 11:31:02.944root 11241100x8000000000000000536504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3a22f4b48d29172021-12-21 11:31:02.944root 11241100x8000000000000000536505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9541f21294a5b60e2021-12-21 11:31:02.944root 11241100x8000000000000000536506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2da83015d2e00e2021-12-21 11:31:02.944root 11241100x8000000000000000536507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c9244d32b9ba9f2021-12-21 11:31:02.944root 11241100x8000000000000000536508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2303f2680220413d2021-12-21 11:31:02.944root 11241100x8000000000000000536509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133222af40d04bdc2021-12-21 11:31:02.944root 11241100x8000000000000000536510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94b609d06aec1212021-12-21 11:31:02.944root 11241100x8000000000000000536511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a12b3db3c2e8b692021-12-21 11:31:02.944root 11241100x8000000000000000536512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592c26ae6ee40e6e2021-12-21 11:31:02.944root 11241100x8000000000000000536513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef98518a7c76e2a82021-12-21 11:31:02.944root 11241100x8000000000000000536514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601ae32bfe8bfb4d2021-12-21 11:31:02.944root 11241100x8000000000000000536515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2385fbcc6f0012b12021-12-21 11:31:03.443root 11241100x8000000000000000536516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d57e187bd7b90d2021-12-21 11:31:03.443root 11241100x8000000000000000536517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d4e2824d3e583c2021-12-21 11:31:03.443root 11241100x8000000000000000536518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce25672639379f512021-12-21 11:31:03.443root 11241100x8000000000000000536519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bcb8aefa4cf70b2021-12-21 11:31:03.444root 11241100x8000000000000000536520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec48f5d29f348da2021-12-21 11:31:03.444root 11241100x8000000000000000536521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f832c7b7c5cbac2021-12-21 11:31:03.444root 11241100x8000000000000000536522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908955e53bcd3ab42021-12-21 11:31:03.444root 11241100x8000000000000000536523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48bdf2d20e321112021-12-21 11:31:03.444root 11241100x8000000000000000536524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f3efc464cc80472021-12-21 11:31:03.444root 11241100x8000000000000000536525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631f7d7eaf19af752021-12-21 11:31:03.444root 11241100x8000000000000000536526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82418fcbedaee65a2021-12-21 11:31:03.444root 11241100x8000000000000000536527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c84584656ecf412021-12-21 11:31:03.444root 11241100x8000000000000000536528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede0abd8d8d022fa2021-12-21 11:31:03.444root 11241100x8000000000000000536529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252ea145efd613792021-12-21 11:31:03.444root 11241100x8000000000000000536530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f23c2d77761c4912021-12-21 11:31:03.444root 11241100x8000000000000000536531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d570be47ff5c302021-12-21 11:31:03.444root 11241100x8000000000000000536532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d68dd68d3ebd5762021-12-21 11:31:03.444root 11241100x8000000000000000536533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d704211a7502d872021-12-21 11:31:03.444root 11241100x8000000000000000536534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d286302f7ff35482021-12-21 11:31:03.943root 11241100x8000000000000000536535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d947ecfac19b2b452021-12-21 11:31:03.943root 11241100x8000000000000000536536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a302952f07a57d2021-12-21 11:31:03.943root 11241100x8000000000000000536537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f3f6edd5ca1e192021-12-21 11:31:03.943root 11241100x8000000000000000536538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbab8e16de69ab0b2021-12-21 11:31:03.944root 11241100x8000000000000000536539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75fc9acbd29bdfa2021-12-21 11:31:03.944root 11241100x8000000000000000536540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fadcc27b711008e72021-12-21 11:31:03.944root 11241100x8000000000000000536541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0588776f75722e2e2021-12-21 11:31:03.944root 11241100x8000000000000000536542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0905d7318b42ee72021-12-21 11:31:03.944root 11241100x8000000000000000536543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4cb1d04f7859692021-12-21 11:31:03.944root 11241100x8000000000000000536544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c5668565467f3c2021-12-21 11:31:03.944root 11241100x8000000000000000536545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc24bb2d554b38972021-12-21 11:31:03.944root 11241100x8000000000000000536546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc178d28ada04bc2021-12-21 11:31:03.944root 11241100x8000000000000000536547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fac8c38a48db8242021-12-21 11:31:03.944root 11241100x8000000000000000536548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba77947ef24ed6582021-12-21 11:31:03.944root 11241100x8000000000000000536549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189b231a3181f2ec2021-12-21 11:31:03.944root 11241100x8000000000000000536550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf8fada689007fa2021-12-21 11:31:03.944root 11241100x8000000000000000536551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6729a09d713f7dc2021-12-21 11:31:03.944root 11241100x8000000000000000536552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4a8e67b10908592021-12-21 11:31:03.944root 11241100x8000000000000000536553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8555ee4ea1ffb9e2021-12-21 11:31:04.443root 11241100x8000000000000000536554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a768305f2c960e52021-12-21 11:31:04.443root 11241100x8000000000000000536555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626acb87902b80ff2021-12-21 11:31:04.443root 11241100x8000000000000000536556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76acaccfaf5f87ab2021-12-21 11:31:04.443root 11241100x8000000000000000536557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26617470060da7182021-12-21 11:31:04.444root 11241100x8000000000000000536558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9381fc14c737552021-12-21 11:31:04.444root 11241100x8000000000000000536559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c643fec422e05c3d2021-12-21 11:31:04.444root 11241100x8000000000000000536560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b334bcde3951f1fc2021-12-21 11:31:04.444root 11241100x8000000000000000536561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b729033e9b4db9aa2021-12-21 11:31:04.444root 11241100x8000000000000000536562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10c95ef2e27ddd52021-12-21 11:31:04.444root 11241100x8000000000000000536563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf895de928521412021-12-21 11:31:04.444root 11241100x8000000000000000536564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9478f8bf0fd3db5e2021-12-21 11:31:04.444root 11241100x8000000000000000536565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2581dc8e97bd70732021-12-21 11:31:04.444root 11241100x8000000000000000536566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8aab46f2afd60512021-12-21 11:31:04.444root 11241100x8000000000000000536567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc675cb748fb08982021-12-21 11:31:04.444root 11241100x8000000000000000536568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a4f395f95805692021-12-21 11:31:04.444root 11241100x8000000000000000536569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0166b8fcc448188f2021-12-21 11:31:04.444root 11241100x8000000000000000536570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7917a5577783c22021-12-21 11:31:04.444root 11241100x8000000000000000536571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22afe07e068493b2021-12-21 11:31:04.444root 11241100x8000000000000000536572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14eca463a699e47b2021-12-21 11:31:04.943root 11241100x8000000000000000536573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65ac0825c678f082021-12-21 11:31:04.943root 11241100x8000000000000000536574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8df7717a3ea5b22021-12-21 11:31:04.943root 11241100x8000000000000000536575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8b3052b3865afd2021-12-21 11:31:04.944root 11241100x8000000000000000536576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40501f0885b5f312021-12-21 11:31:04.944root 11241100x8000000000000000536577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189b315c22777a582021-12-21 11:31:04.944root 11241100x8000000000000000536578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a52fbeda54edbf2021-12-21 11:31:04.944root 11241100x8000000000000000536579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf4f972e668807e2021-12-21 11:31:04.944root 11241100x8000000000000000536580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b087a3ec29dba99f2021-12-21 11:31:04.944root 11241100x8000000000000000536581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c01bc86ae575f72021-12-21 11:31:04.944root 11241100x8000000000000000536582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f9a4eff87e8e152021-12-21 11:31:04.944root 11241100x8000000000000000536583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d91a4b30aac3a72021-12-21 11:31:04.944root 11241100x8000000000000000536584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede8c8084168fa212021-12-21 11:31:04.944root 11241100x8000000000000000536585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a427ce82cf517e1a2021-12-21 11:31:04.944root 11241100x8000000000000000536586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c8aee1b4c2bd122021-12-21 11:31:04.944root 11241100x8000000000000000536587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41642654ed7089f42021-12-21 11:31:04.944root 11241100x8000000000000000536588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1396b105973d1d2021-12-21 11:31:04.944root 11241100x8000000000000000536589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9ceec29e171bee2021-12-21 11:31:04.944root 11241100x8000000000000000536590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6273d7d9f230c5962021-12-21 11:31:04.944root 354300x8000000000000000536591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.104{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48652-false10.0.1.12-8000- 11241100x8000000000000000536592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f2a0480993fa3e2021-12-21 11:31:05.443root 11241100x8000000000000000536593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34db09c3928583ce2021-12-21 11:31:05.444root 11241100x8000000000000000536594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbd32eca5223b842021-12-21 11:31:05.444root 11241100x8000000000000000536595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0457d2acc07ffee52021-12-21 11:31:05.444root 11241100x8000000000000000536596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7659472af34dd5a92021-12-21 11:31:05.444root 11241100x8000000000000000536597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acede31408408c32021-12-21 11:31:05.444root 11241100x8000000000000000536598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab0e4abff9833ae2021-12-21 11:31:05.444root 11241100x8000000000000000536599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3cba48ca0aaf022021-12-21 11:31:05.444root 11241100x8000000000000000536600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39d078b7462a1f62021-12-21 11:31:05.444root 11241100x8000000000000000536601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f59bd3449799492021-12-21 11:31:05.444root 11241100x8000000000000000536602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea41db41e3fd90c2021-12-21 11:31:05.444root 11241100x8000000000000000536603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2b83e994042fe52021-12-21 11:31:05.444root 11241100x8000000000000000536604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c2265d264a75e02021-12-21 11:31:05.444root 11241100x8000000000000000536605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf5dadb9a1975902021-12-21 11:31:05.444root 11241100x8000000000000000536606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f055dad9713dfe2021-12-21 11:31:05.444root 11241100x8000000000000000536607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8929a7e940099e2021-12-21 11:31:05.444root 11241100x8000000000000000536608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b7ebfb3a139b642021-12-21 11:31:05.445root 11241100x8000000000000000536609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec52edc6083b0f32021-12-21 11:31:05.445root 11241100x8000000000000000536610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873a12b004c007242021-12-21 11:31:05.445root 11241100x8000000000000000536611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1174bf7c7ee134132021-12-21 11:31:05.445root 11241100x8000000000000000536612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912ae323ef7234a42021-12-21 11:31:05.943root 11241100x8000000000000000536613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42769f31603711c2021-12-21 11:31:05.944root 11241100x8000000000000000536614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30a9a373eed41052021-12-21 11:31:05.944root 11241100x8000000000000000536615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bab93dac8f76672021-12-21 11:31:05.944root 11241100x8000000000000000536616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031321a1893248fc2021-12-21 11:31:05.944root 11241100x8000000000000000536617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf62c6a8301b07bc2021-12-21 11:31:05.944root 11241100x8000000000000000536618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0f5bd4ffe6852e2021-12-21 11:31:05.944root 11241100x8000000000000000536619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1526ab5f1abec8892021-12-21 11:31:05.944root 11241100x8000000000000000536620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2e2541599411ba2021-12-21 11:31:05.945root 11241100x8000000000000000536621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651da9ca23e70cb32021-12-21 11:31:05.945root 11241100x8000000000000000536622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f8b29e2f93dd632021-12-21 11:31:05.945root 11241100x8000000000000000536623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a213fa685a2c0fbd2021-12-21 11:31:05.945root 11241100x8000000000000000536624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a5aed7f43de3332021-12-21 11:31:05.945root 11241100x8000000000000000536625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007f6e3b2dc454ab2021-12-21 11:31:05.945root 11241100x8000000000000000536626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b926545935b84dc2021-12-21 11:31:05.945root 11241100x8000000000000000536627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b0a7dfc742f60f2021-12-21 11:31:05.945root 11241100x8000000000000000536628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a50b138bc0505e62021-12-21 11:31:05.945root 11241100x8000000000000000536629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51f21fcc66b5b7d2021-12-21 11:31:05.945root 11241100x8000000000000000536630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f9049a0c897ed32021-12-21 11:31:05.945root 11241100x8000000000000000536631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebe709438b8695a2021-12-21 11:31:05.946root 11241100x8000000000000000536632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.326{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:31:06.326root 11241100x8000000000000000536633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729ea9ab7480ed812021-12-21 11:31:06.327root 11241100x8000000000000000536634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3f3d9929ca97752021-12-21 11:31:06.327root 11241100x8000000000000000536635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c840d9f706c3912021-12-21 11:31:06.328root 11241100x8000000000000000536636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde6ec37a24afdc42021-12-21 11:31:06.328root 11241100x8000000000000000536637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a5447dd60c61342021-12-21 11:31:06.328root 11241100x8000000000000000536638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ef363de304082a2021-12-21 11:31:06.328root 11241100x8000000000000000536639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bcab1da30e7bcb2021-12-21 11:31:06.329root 11241100x8000000000000000536640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d86ebe56a2a8d352021-12-21 11:31:06.329root 11241100x8000000000000000536641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e795b63a1c4142b02021-12-21 11:31:06.329root 11241100x8000000000000000536642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252263ae63bdb91a2021-12-21 11:31:06.329root 11241100x8000000000000000536643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560b10811063e4292021-12-21 11:31:06.329root 11241100x8000000000000000536644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e40d17becf35c952021-12-21 11:31:06.329root 11241100x8000000000000000536645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e096b2c3e92c15cd2021-12-21 11:31:06.329root 11241100x8000000000000000536646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442bcca0d927aa822021-12-21 11:31:06.329root 11241100x8000000000000000536647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae337f6ea323da92021-12-21 11:31:06.329root 11241100x8000000000000000536648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a0451032f9f11b2021-12-21 11:31:06.329root 11241100x8000000000000000536649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f02e03559a56782021-12-21 11:31:06.329root 11241100x8000000000000000536650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a0635b92e816852021-12-21 11:31:06.329root 11241100x8000000000000000536651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3b322ef9df12a72021-12-21 11:31:06.330root 11241100x8000000000000000536652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21753e13baf7bfa02021-12-21 11:31:06.330root 11241100x8000000000000000536653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0e73873dc8c3802021-12-21 11:31:06.330root 11241100x8000000000000000536654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83a71304ad3e4bf2021-12-21 11:31:06.330root 11241100x8000000000000000536655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d550b879f9602b2021-12-21 11:31:06.330root 11241100x8000000000000000536656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d967f57471b6a7802021-12-21 11:31:06.693root 11241100x8000000000000000536657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676f10ce317ab1462021-12-21 11:31:06.693root 11241100x8000000000000000536658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e5d5bf142e1d222021-12-21 11:31:06.693root 11241100x8000000000000000536659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e00db15ad934bd2021-12-21 11:31:06.693root 11241100x8000000000000000536660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce181c7315c982392021-12-21 11:31:06.693root 11241100x8000000000000000536661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83fd816900eb1072021-12-21 11:31:06.693root 11241100x8000000000000000536662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7639bd6134afeb332021-12-21 11:31:06.693root 11241100x8000000000000000536663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ceceb7d006026e2021-12-21 11:31:06.693root 11241100x8000000000000000536664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba83fd083a8a90362021-12-21 11:31:06.694root 11241100x8000000000000000536665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87be02848eba8e4c2021-12-21 11:31:06.694root 11241100x8000000000000000536666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e826ed55b7dec542021-12-21 11:31:06.694root 11241100x8000000000000000536667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8c4e57629ad9f72021-12-21 11:31:06.694root 11241100x8000000000000000536668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d876bd249ac0ed552021-12-21 11:31:06.694root 11241100x8000000000000000536669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07511d45b2c41b752021-12-21 11:31:06.695root 11241100x8000000000000000536670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e93b253626d3c42021-12-21 11:31:06.695root 11241100x8000000000000000536671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7774ea50b92bff902021-12-21 11:31:06.695root 11241100x8000000000000000536672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5e1b3ab9046b632021-12-21 11:31:06.695root 11241100x8000000000000000536673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cefb91833e4d132021-12-21 11:31:06.695root 11241100x8000000000000000536674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051fa675ecc101a82021-12-21 11:31:06.695root 11241100x8000000000000000536675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501ab79849757df82021-12-21 11:31:06.695root 11241100x8000000000000000536676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5236a6d5fe1dcc2021-12-21 11:31:06.695root 11241100x8000000000000000536677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d881f5583b6571922021-12-21 11:31:06.696root 11241100x8000000000000000536678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2787c07c59328c82021-12-21 11:31:06.696root 11241100x8000000000000000536679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4fe23996aa985f2021-12-21 11:31:06.696root 11241100x8000000000000000536680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38edfdc9da7b84e2021-12-21 11:31:06.696root 11241100x8000000000000000536681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b468a1ab3fa034bd2021-12-21 11:31:06.697root 11241100x8000000000000000536682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa590026c22454202021-12-21 11:31:07.193root 11241100x8000000000000000536683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a576404fe9b4c402021-12-21 11:31:07.193root 11241100x8000000000000000536684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f77d211ba5610ad2021-12-21 11:31:07.193root 11241100x8000000000000000536685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bdda7f35528e1e2021-12-21 11:31:07.193root 11241100x8000000000000000536686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb3b98e111d91042021-12-21 11:31:07.193root 11241100x8000000000000000536687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264d047fff4253752021-12-21 11:31:07.194root 11241100x8000000000000000536688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642584fb5e508ded2021-12-21 11:31:07.194root 11241100x8000000000000000536689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2ed399fea9c40b2021-12-21 11:31:07.194root 11241100x8000000000000000536690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93e9bac08b6d8ed2021-12-21 11:31:07.194root 11241100x8000000000000000536691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0845b417145337f2021-12-21 11:31:07.194root 11241100x8000000000000000536692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524c3ae906d1d5ef2021-12-21 11:31:07.194root 11241100x8000000000000000536693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0105e57f74603e862021-12-21 11:31:07.194root 11241100x8000000000000000536694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc93670ba86a3c422021-12-21 11:31:07.194root 11241100x8000000000000000536695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7884e6e380f1e6722021-12-21 11:31:07.194root 11241100x8000000000000000536696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a640bced7bf27e52021-12-21 11:31:07.194root 11241100x8000000000000000536697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814b8858b70020a32021-12-21 11:31:07.194root 11241100x8000000000000000536698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdaf9cbed15c55332021-12-21 11:31:07.194root 11241100x8000000000000000536699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463c385af462f4c82021-12-21 11:31:07.194root 11241100x8000000000000000536700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef66b8d1b034e90b2021-12-21 11:31:07.194root 11241100x8000000000000000536701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527a13d59ea2e6932021-12-21 11:31:07.194root 11241100x8000000000000000536702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87dd14a3529a8b1e2021-12-21 11:31:07.195root 11241100x8000000000000000536703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f304130d97c8c0e82021-12-21 11:31:07.693root 11241100x8000000000000000536704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938e63d411b8f5002021-12-21 11:31:07.693root 11241100x8000000000000000536705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddd769689d262872021-12-21 11:31:07.693root 11241100x8000000000000000536706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6830ed11bbfa1d932021-12-21 11:31:07.693root 11241100x8000000000000000536707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13991f558349b24f2021-12-21 11:31:07.693root 11241100x8000000000000000536708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118dbc17ac9332f32021-12-21 11:31:07.693root 11241100x8000000000000000536709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1354f32ffb8399a2021-12-21 11:31:07.693root 11241100x8000000000000000536710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd89876169535aa2021-12-21 11:31:07.693root 11241100x8000000000000000536711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307141c60b39a81f2021-12-21 11:31:07.693root 11241100x8000000000000000536712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7a343fccc508e82021-12-21 11:31:07.693root 11241100x8000000000000000536713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830bfb63250abfdf2021-12-21 11:31:07.694root 11241100x8000000000000000536714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c7817cd1ec82602021-12-21 11:31:07.694root 11241100x8000000000000000536715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b171d03d91f4612021-12-21 11:31:07.694root 11241100x8000000000000000536716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eedba0ac85b6b6a2021-12-21 11:31:07.694root 11241100x8000000000000000536717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e738e7c89f34472021-12-21 11:31:07.694root 11241100x8000000000000000536718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9d5efa74c094b02021-12-21 11:31:07.694root 11241100x8000000000000000536719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21af75968158bec32021-12-21 11:31:07.694root 11241100x8000000000000000536720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b759825972a5ddd2021-12-21 11:31:07.694root 11241100x8000000000000000536721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1173659020c149102021-12-21 11:31:07.694root 11241100x8000000000000000536722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d78581715fcef232021-12-21 11:31:07.694root 11241100x8000000000000000536723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67148c0a784c16ca2021-12-21 11:31:07.694root 11241100x8000000000000000536724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e9f63e2534f2ee2021-12-21 11:31:08.193root 11241100x8000000000000000536725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7781d8521e93a5322021-12-21 11:31:08.193root 11241100x8000000000000000536726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4358273498fea8732021-12-21 11:31:08.193root 11241100x8000000000000000536727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db2c657ed721f0a2021-12-21 11:31:08.194root 11241100x8000000000000000536728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bde060e5aea7222021-12-21 11:31:08.194root 11241100x8000000000000000536729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a0f7ef7ffac7662021-12-21 11:31:08.194root 11241100x8000000000000000536730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88eb60bc61f571c2021-12-21 11:31:08.194root 11241100x8000000000000000536731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa327a8afd392ba52021-12-21 11:31:08.194root 11241100x8000000000000000536732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfe0bbc3be47cd22021-12-21 11:31:08.194root 11241100x8000000000000000536733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a6f06fa0d1016f2021-12-21 11:31:08.194root 11241100x8000000000000000536734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc14bf7b7f95d182021-12-21 11:31:08.194root 11241100x8000000000000000536735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc4005a062904362021-12-21 11:31:08.194root 11241100x8000000000000000536736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718c0c4e15cb382d2021-12-21 11:31:08.194root 11241100x8000000000000000536737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bee4979b0fdd562021-12-21 11:31:08.194root 11241100x8000000000000000536738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b96f42eda059232021-12-21 11:31:08.194root 11241100x8000000000000000536739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128f073d067c645d2021-12-21 11:31:08.194root 11241100x8000000000000000536740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12b55cfa61412022021-12-21 11:31:08.194root 11241100x8000000000000000536741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29456347df47b662021-12-21 11:31:08.194root 11241100x8000000000000000536742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b717e721007f52aa2021-12-21 11:31:08.195root 11241100x8000000000000000536743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf4fd84972179802021-12-21 11:31:08.195root 11241100x8000000000000000536744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76496cd7c86601842021-12-21 11:31:08.195root 11241100x8000000000000000536745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4e627e999923172021-12-21 11:31:08.693root 11241100x8000000000000000536746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677b8eb9d7516f062021-12-21 11:31:08.693root 11241100x8000000000000000536747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509ee924de8b5bd62021-12-21 11:31:08.693root 11241100x8000000000000000536748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8b458830f8a6a52021-12-21 11:31:08.693root 11241100x8000000000000000536749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701bb809e9b4fc252021-12-21 11:31:08.693root 11241100x8000000000000000536750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d370aed95d4b042021-12-21 11:31:08.693root 11241100x8000000000000000536751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9397043a46dc5d4c2021-12-21 11:31:08.693root 11241100x8000000000000000536752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57246c8da8963f9c2021-12-21 11:31:08.693root 11241100x8000000000000000536753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03899cf5d33cde262021-12-21 11:31:08.693root 11241100x8000000000000000536754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064b102040e8ba392021-12-21 11:31:08.693root 11241100x8000000000000000536755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b091cf44b97bdc02021-12-21 11:31:08.693root 11241100x8000000000000000536756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44e736966f1abe92021-12-21 11:31:08.693root 11241100x8000000000000000536757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349c73e26143b4a02021-12-21 11:31:08.693root 11241100x8000000000000000536758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beffdd07bc51642e2021-12-21 11:31:08.694root 11241100x8000000000000000536759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f79ec3160d639222021-12-21 11:31:08.694root 11241100x8000000000000000536760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa75be05d88f97f22021-12-21 11:31:08.694root 11241100x8000000000000000536761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3fd036c422f5a92021-12-21 11:31:08.694root 11241100x8000000000000000536762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7539fa705a9dc8392021-12-21 11:31:08.694root 11241100x8000000000000000536763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc8daac6086d3cf2021-12-21 11:31:08.694root 11241100x8000000000000000536764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6732fcf5c3f4d32021-12-21 11:31:08.694root 11241100x8000000000000000536765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a8ebecc8cc0c132021-12-21 11:31:08.694root 11241100x8000000000000000536766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd867d8aac461e22021-12-21 11:31:08.694root 11241100x8000000000000000536767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f8fb88fe622aea2021-12-21 11:31:08.694root 11241100x8000000000000000536768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d6cd99404b4da22021-12-21 11:31:08.694root 11241100x8000000000000000536769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6de8b90a34492332021-12-21 11:31:08.694root 11241100x8000000000000000536770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7803391a02ff5d2021-12-21 11:31:09.193root 11241100x8000000000000000536771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3415d03de8d3345f2021-12-21 11:31:09.193root 11241100x8000000000000000536772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0053e0c43b4839e52021-12-21 11:31:09.193root 11241100x8000000000000000536773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a876c216b8d0d7502021-12-21 11:31:09.193root 11241100x8000000000000000536774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb540c31f7baaa952021-12-21 11:31:09.193root 11241100x8000000000000000536775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e417bed769e499a72021-12-21 11:31:09.193root 11241100x8000000000000000536776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f450937a65c6e08a2021-12-21 11:31:09.193root 11241100x8000000000000000536777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d5a99aa702e8012021-12-21 11:31:09.193root 11241100x8000000000000000536778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abf2160c2eab4d82021-12-21 11:31:09.193root 11241100x8000000000000000536779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f570bb53cebcca2f2021-12-21 11:31:09.193root 11241100x8000000000000000536780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca364db6bc4d03a2021-12-21 11:31:09.194root 11241100x8000000000000000536781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2544eba0dbb6de6d2021-12-21 11:31:09.194root 11241100x8000000000000000536782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89217a0912fc01d2021-12-21 11:31:09.194root 11241100x8000000000000000536783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e2725130915b632021-12-21 11:31:09.194root 11241100x8000000000000000536784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe16524b4145a0c2021-12-21 11:31:09.194root 11241100x8000000000000000536785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fb68d1531ded562021-12-21 11:31:09.194root 11241100x8000000000000000536786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1308076dc6e1f82021-12-21 11:31:09.194root 11241100x8000000000000000536787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea000282e0c102992021-12-21 11:31:09.194root 11241100x8000000000000000536788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcaf7665e6033712021-12-21 11:31:09.194root 11241100x8000000000000000536789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8e7f880f3fc4f72021-12-21 11:31:09.194root 11241100x8000000000000000536790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e5904401db79712021-12-21 11:31:09.194root 23542300x8000000000000000536791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.248{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000536792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b82934b44def96e2021-12-21 11:31:09.693root 11241100x8000000000000000536793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf2598d835459432021-12-21 11:31:09.693root 11241100x8000000000000000536794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052b17e7cedae8ea2021-12-21 11:31:09.693root 11241100x8000000000000000536795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f79aebc33ccecb42021-12-21 11:31:09.694root 11241100x8000000000000000536796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457cded3976c06aa2021-12-21 11:31:09.694root 11241100x8000000000000000536797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb701ce788917ab2021-12-21 11:31:09.694root 11241100x8000000000000000536798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad716228cfa776342021-12-21 11:31:09.694root 11241100x8000000000000000536799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b52eaf9465234b2021-12-21 11:31:09.694root 11241100x8000000000000000536800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ee90bc07efa80e2021-12-21 11:31:09.694root 11241100x8000000000000000536801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f38e6bc1ebc128f2021-12-21 11:31:09.694root 11241100x8000000000000000536802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382957cd60be8e582021-12-21 11:31:09.694root 11241100x8000000000000000536803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c9784558e860fd2021-12-21 11:31:09.694root 11241100x8000000000000000536804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92e0ab85cfb28d42021-12-21 11:31:09.694root 11241100x8000000000000000536805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9b0425d02d2d432021-12-21 11:31:09.694root 11241100x8000000000000000536806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bf0d89c2a0c2452021-12-21 11:31:09.694root 11241100x8000000000000000536807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1022aaaf38c58472021-12-21 11:31:09.694root 11241100x8000000000000000536808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37e55f15795e86e2021-12-21 11:31:09.694root 11241100x8000000000000000536809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072cad2cc6960acf2021-12-21 11:31:09.694root 11241100x8000000000000000536810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4d49f10c8048352021-12-21 11:31:09.695root 11241100x8000000000000000536811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabc1e9c490070bc2021-12-21 11:31:09.695root 11241100x8000000000000000536812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6947e9d57dc16042021-12-21 11:31:09.695root 11241100x8000000000000000536813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4c095c018477b22021-12-21 11:31:09.695root 11241100x8000000000000000536814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b6b74ce7294c342021-12-21 11:31:10.193root 11241100x8000000000000000536815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2e0f8be21149462021-12-21 11:31:10.193root 11241100x8000000000000000536816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77f7722b16271b32021-12-21 11:31:10.193root 11241100x8000000000000000536817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c20eb19ef2391c2021-12-21 11:31:10.193root 11241100x8000000000000000536818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28b0836b20917472021-12-21 11:31:10.193root 11241100x8000000000000000536819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4168741f2ced9682021-12-21 11:31:10.193root 11241100x8000000000000000536820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dd5c9cfb03ebf82021-12-21 11:31:10.193root 11241100x8000000000000000536821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091ae2d2d18cc8e92021-12-21 11:31:10.194root 11241100x8000000000000000536822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0213d4d941418e2021-12-21 11:31:10.194root 11241100x8000000000000000536823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ded6a84b8eec1d2021-12-21 11:31:10.194root 11241100x8000000000000000536824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5948e46f67807092021-12-21 11:31:10.194root 11241100x8000000000000000536825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e2199c3c5088f22021-12-21 11:31:10.194root 11241100x8000000000000000536826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5945c5cd84683fe2021-12-21 11:31:10.194root 11241100x8000000000000000536827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4f5df69d749a582021-12-21 11:31:10.194root 11241100x8000000000000000536828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78595dd12a54ab482021-12-21 11:31:10.194root 11241100x8000000000000000536829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ace12dc5c6825d2021-12-21 11:31:10.194root 11241100x8000000000000000536830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89549640ad0086072021-12-21 11:31:10.194root 11241100x8000000000000000536831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21316ec87adc1dd72021-12-21 11:31:10.194root 11241100x8000000000000000536832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febe6988ea0c7b4e2021-12-21 11:31:10.194root 11241100x8000000000000000536833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b832ed78a46a9ad62021-12-21 11:31:10.194root 11241100x8000000000000000536834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376c2ec775babfcb2021-12-21 11:31:10.194root 11241100x8000000000000000536835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6fcd86c406fd622021-12-21 11:31:10.194root 354300x8000000000000000536836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.258{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48654-false10.0.1.12-8000- 11241100x8000000000000000536837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c78a701b13353f42021-12-21 11:31:10.693root 11241100x8000000000000000536838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c1428723ed01df2021-12-21 11:31:10.694root 11241100x8000000000000000536839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b017e9b5c004662021-12-21 11:31:10.694root 11241100x8000000000000000536840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654f1136303cf64e2021-12-21 11:31:10.694root 11241100x8000000000000000536841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12c3e9f79a1aede2021-12-21 11:31:10.694root 11241100x8000000000000000536842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff6e34b7bcd23262021-12-21 11:31:10.694root 11241100x8000000000000000536843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7c9568514363652021-12-21 11:31:10.695root 11241100x8000000000000000536844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee472a7719bb3e482021-12-21 11:31:10.695root 11241100x8000000000000000536845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d40e063471caf992021-12-21 11:31:10.695root 11241100x8000000000000000536846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5faba3b1fdc74b2021-12-21 11:31:10.695root 11241100x8000000000000000536847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e681709d30c9652021-12-21 11:31:10.695root 11241100x8000000000000000536848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f64b554e87f3e52021-12-21 11:31:10.695root 11241100x8000000000000000536849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b22fc15d7a4f6d2021-12-21 11:31:10.696root 11241100x8000000000000000536850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8b04a5f35740a82021-12-21 11:31:10.696root 11241100x8000000000000000536851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c0ef3bf0c41e7f2021-12-21 11:31:10.696root 11241100x8000000000000000536852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd69b479bca894a2021-12-21 11:31:10.696root 11241100x8000000000000000536853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3cd1f46006d0222021-12-21 11:31:10.696root 11241100x8000000000000000536854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b998d3d42d1433a2021-12-21 11:31:10.696root 11241100x8000000000000000536855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1516e389603ba1f2021-12-21 11:31:10.697root 11241100x8000000000000000536856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f44e841840612de2021-12-21 11:31:10.697root 11241100x8000000000000000536857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f188464c714877522021-12-21 11:31:10.697root 11241100x8000000000000000536858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd23e7c68aeba262021-12-21 11:31:10.697root 11241100x8000000000000000536859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f16a3e4a55a54d2021-12-21 11:31:10.697root 11241100x8000000000000000536860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba97cb1962dbc4902021-12-21 11:31:11.193root 11241100x8000000000000000536861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4aa10a08db1bac22021-12-21 11:31:11.193root 11241100x8000000000000000536862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc6fc35246b17522021-12-21 11:31:11.193root 11241100x8000000000000000536863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b40e46bb57138b2021-12-21 11:31:11.194root 11241100x8000000000000000536864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e7bb3cf1d2e3d62021-12-21 11:31:11.194root 11241100x8000000000000000536865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b14b744239826672021-12-21 11:31:11.194root 11241100x8000000000000000536866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed53dda41caaa6482021-12-21 11:31:11.194root 11241100x8000000000000000536867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca1dda768f9ef782021-12-21 11:31:11.194root 11241100x8000000000000000536868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ca757e4f53a1632021-12-21 11:31:11.194root 11241100x8000000000000000536869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6e95a004352ca82021-12-21 11:31:11.194root 11241100x8000000000000000536870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c0f049b51fdb1a2021-12-21 11:31:11.194root 11241100x8000000000000000536871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531ff525a006e2902021-12-21 11:31:11.195root 11241100x8000000000000000536872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbade7487dcc38db2021-12-21 11:31:11.195root 11241100x8000000000000000536873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a897aade2cc905ac2021-12-21 11:31:11.195root 11241100x8000000000000000536874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16484ee1fea0d672021-12-21 11:31:11.195root 11241100x8000000000000000536875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0005acad3753ae9b2021-12-21 11:31:11.195root 11241100x8000000000000000536876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6a11f1203d5d972021-12-21 11:31:11.195root 11241100x8000000000000000536877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d41d0e5877af8dc2021-12-21 11:31:11.195root 11241100x8000000000000000536878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85faf82b2d30dfcb2021-12-21 11:31:11.195root 11241100x8000000000000000536879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab30afe810c5ab252021-12-21 11:31:11.195root 11241100x8000000000000000536880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afa99f7fea30b082021-12-21 11:31:11.195root 11241100x8000000000000000536881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce45de43f446b972021-12-21 11:31:11.195root 11241100x8000000000000000536882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef231bd4b917a9d2021-12-21 11:31:11.195root 11241100x8000000000000000536883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd0d95fd27b59ac2021-12-21 11:31:11.693root 11241100x8000000000000000536884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def6a2de5d9e27152021-12-21 11:31:11.693root 11241100x8000000000000000536885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9286e71f508ddab72021-12-21 11:31:11.693root 11241100x8000000000000000536886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e53b5b7f7be0da82021-12-21 11:31:11.693root 11241100x8000000000000000536887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd66d87471057d562021-12-21 11:31:11.693root 11241100x8000000000000000536888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d111bac30e9b5c32021-12-21 11:31:11.693root 11241100x8000000000000000536889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efdab244ffb5a022021-12-21 11:31:11.693root 11241100x8000000000000000536890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59cafe8ab017e3b2021-12-21 11:31:11.694root 11241100x8000000000000000536891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4ec3932733fd8c2021-12-21 11:31:11.694root 11241100x8000000000000000536892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0867f68f8b6d16d82021-12-21 11:31:11.694root 11241100x8000000000000000536893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf2bb5e96ea26072021-12-21 11:31:11.694root 11241100x8000000000000000536894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacdaacd60d155bb2021-12-21 11:31:11.694root 11241100x8000000000000000536895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675bc903c0d7f5c92021-12-21 11:31:11.694root 11241100x8000000000000000536896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8d43d6f1011ca02021-12-21 11:31:11.694root 11241100x8000000000000000536897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf89623f50a3d2a2021-12-21 11:31:11.694root 11241100x8000000000000000536898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3e771062b2c7612021-12-21 11:31:11.694root 11241100x8000000000000000536899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3961037f529fd8ac2021-12-21 11:31:11.694root 11241100x8000000000000000536900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e731f143f3775a12021-12-21 11:31:11.694root 11241100x8000000000000000536901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b5a54a8a9739ab2021-12-21 11:31:11.694root 11241100x8000000000000000536902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256776faf31a60f22021-12-21 11:31:11.694root 11241100x8000000000000000536903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d59783e4bbfddc62021-12-21 11:31:11.694root 11241100x8000000000000000536904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edff47baf0789b1f2021-12-21 11:31:11.694root 11241100x8000000000000000536905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79e006e6df30ed32021-12-21 11:31:11.695root 11241100x8000000000000000536906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3caf9039d430c37a2021-12-21 11:31:12.193root 11241100x8000000000000000536907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da04a7d1597d7212021-12-21 11:31:12.193root 11241100x8000000000000000536908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27db7806acdb39762021-12-21 11:31:12.193root 11241100x8000000000000000536909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35785d18f1d2c7012021-12-21 11:31:12.193root 11241100x8000000000000000536910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f57617287786fa2021-12-21 11:31:12.193root 11241100x8000000000000000536911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10af0e854a1437102021-12-21 11:31:12.193root 11241100x8000000000000000536912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4353979fe8c76e1b2021-12-21 11:31:12.193root 11241100x8000000000000000536913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6cc57e02d4f58d2021-12-21 11:31:12.194root 11241100x8000000000000000536914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cae424bc9844132021-12-21 11:31:12.194root 11241100x8000000000000000536915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0a16490b478cc32021-12-21 11:31:12.194root 11241100x8000000000000000536916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6d0c4385b799ab2021-12-21 11:31:12.194root 11241100x8000000000000000536917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d632773ab087797d2021-12-21 11:31:12.194root 11241100x8000000000000000536918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212612b76909824c2021-12-21 11:31:12.194root 11241100x8000000000000000536919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9aa0e92a4494282021-12-21 11:31:12.194root 11241100x8000000000000000536920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b85ee50e11376b92021-12-21 11:31:12.194root 11241100x8000000000000000536921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1f69c37e7401012021-12-21 11:31:12.194root 11241100x8000000000000000536922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16953c3aa2ae64212021-12-21 11:31:12.194root 11241100x8000000000000000536923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666e679463377aab2021-12-21 11:31:12.194root 11241100x8000000000000000536924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a137092d5b731eb2021-12-21 11:31:12.194root 11241100x8000000000000000536925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67bf7b53f5806c52021-12-21 11:31:12.194root 11241100x8000000000000000536926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42557e919ce605b22021-12-21 11:31:12.194root 11241100x8000000000000000536927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cbf51cde70fce62021-12-21 11:31:12.195root 11241100x8000000000000000536928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcea3ce4f7ff74402021-12-21 11:31:12.195root 11241100x8000000000000000536929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2171bf183979a5802021-12-21 11:31:12.693root 11241100x8000000000000000536930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48e83197f7180472021-12-21 11:31:12.693root 11241100x8000000000000000536931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d3c5895dd669d12021-12-21 11:31:12.693root 11241100x8000000000000000536932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015c12f8ce8b29ed2021-12-21 11:31:12.693root 11241100x8000000000000000536933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8627f76dad125be2021-12-21 11:31:12.693root 11241100x8000000000000000536934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a178a858f5643a2021-12-21 11:31:12.694root 11241100x8000000000000000536935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b34c23f62af315c2021-12-21 11:31:12.694root 11241100x8000000000000000536936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a28135c16c69ee2021-12-21 11:31:12.694root 11241100x8000000000000000536937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd40bad20e64d3fe2021-12-21 11:31:12.694root 11241100x8000000000000000536938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c3ff50a5d0593b2021-12-21 11:31:12.694root 11241100x8000000000000000536939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b793ec2099533322021-12-21 11:31:12.694root 11241100x8000000000000000536940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f071e29da6e46a4a2021-12-21 11:31:12.694root 11241100x8000000000000000536941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74b88aadcf1c6dc2021-12-21 11:31:12.694root 11241100x8000000000000000536942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f023cbfb91f42c62021-12-21 11:31:12.694root 11241100x8000000000000000536943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4761760d696065a32021-12-21 11:31:12.694root 11241100x8000000000000000536944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4cb8c65ffaf45d2021-12-21 11:31:12.694root 11241100x8000000000000000536945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6024bb5ded29761a2021-12-21 11:31:12.694root 11241100x8000000000000000536946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf3f095ffb26ec22021-12-21 11:31:12.694root 11241100x8000000000000000536947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04788f6abc7be5ed2021-12-21 11:31:12.694root 11241100x8000000000000000536948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316cb431b6b6861d2021-12-21 11:31:12.695root 11241100x8000000000000000536949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230eb42149c669802021-12-21 11:31:12.695root 11241100x8000000000000000536950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bd744dc943d2a22021-12-21 11:31:12.695root 11241100x8000000000000000536951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbf04be9914141d2021-12-21 11:31:12.695root 11241100x8000000000000000536952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdca33d63aa69cf2021-12-21 11:31:13.193root 11241100x8000000000000000536953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0e0b62d12bc9f92021-12-21 11:31:13.193root 11241100x8000000000000000536954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5decd93e7c0730b02021-12-21 11:31:13.193root 11241100x8000000000000000536955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c557d9cd69e7b8c2021-12-21 11:31:13.193root 11241100x8000000000000000536956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa83c8b0166835132021-12-21 11:31:13.193root 11241100x8000000000000000536957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b392eee9a022102021-12-21 11:31:13.193root 11241100x8000000000000000536958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a862dc453f31487c2021-12-21 11:31:13.193root 11241100x8000000000000000536959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbe4e966e8b075f2021-12-21 11:31:13.193root 11241100x8000000000000000536960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ce5a9bfccbdd9b2021-12-21 11:31:13.193root 11241100x8000000000000000536961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e11bccc8b281622021-12-21 11:31:13.193root 11241100x8000000000000000536962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da350a1a66b9ecda2021-12-21 11:31:13.193root 11241100x8000000000000000536963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5deb9d1b9e00ed92021-12-21 11:31:13.193root 11241100x8000000000000000536964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0560e86459c0262021-12-21 11:31:13.193root 11241100x8000000000000000536965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bc7c279aac3d882021-12-21 11:31:13.193root 11241100x8000000000000000536966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed444aca954e0762021-12-21 11:31:13.193root 11241100x8000000000000000536967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c40a750dfde2242021-12-21 11:31:13.194root 11241100x8000000000000000536968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1047e61c6aa9e32021-12-21 11:31:13.194root 11241100x8000000000000000536969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2207d7ca71bcb5d2021-12-21 11:31:13.194root 11241100x8000000000000000536970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccdd7081ce7b6242021-12-21 11:31:13.194root 11241100x8000000000000000536971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ed9dce3c7ec0922021-12-21 11:31:13.194root 11241100x8000000000000000536972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916ea6774cbf2a9d2021-12-21 11:31:13.194root 11241100x8000000000000000536973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c43efa78693b712021-12-21 11:31:13.194root 11241100x8000000000000000536974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbd511f71c676a22021-12-21 11:31:13.194root 11241100x8000000000000000536975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6d7d6bc596ec252021-12-21 11:31:13.194root 11241100x8000000000000000536976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4594ca3e3e7696e2021-12-21 11:31:13.194root 11241100x8000000000000000536977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c35d65ca3ddb3c2021-12-21 11:31:13.693root 11241100x8000000000000000536978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e45aa43df5751a72021-12-21 11:31:13.693root 11241100x8000000000000000536979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8429567dea1e6c012021-12-21 11:31:13.693root 11241100x8000000000000000536980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6563bce0eae99362021-12-21 11:31:13.693root 11241100x8000000000000000536981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843624ae2c81c8a12021-12-21 11:31:13.693root 11241100x8000000000000000536982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb977ddddd3771f2021-12-21 11:31:13.693root 11241100x8000000000000000536983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03600e7fcb958f52021-12-21 11:31:13.693root 11241100x8000000000000000536984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e0ac19a48664ed2021-12-21 11:31:13.693root 11241100x8000000000000000536985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d278b04e0033135d2021-12-21 11:31:13.693root 11241100x8000000000000000536986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd02db9ce6de04962021-12-21 11:31:13.693root 11241100x8000000000000000536987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d489b0d8f22dc862021-12-21 11:31:13.693root 11241100x8000000000000000536988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645df8e5405a9c802021-12-21 11:31:13.693root 11241100x8000000000000000536989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ad44b0f34ec7d02021-12-21 11:31:13.693root 11241100x8000000000000000536990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5a04d3b330bf4f2021-12-21 11:31:13.693root 11241100x8000000000000000536991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff31bca0800346442021-12-21 11:31:13.694root 11241100x8000000000000000536992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5556dd6b3a3e8f2021-12-21 11:31:13.694root 11241100x8000000000000000536993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d9a980aeebcd112021-12-21 11:31:13.694root 11241100x8000000000000000536994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afff4a6fda69e412021-12-21 11:31:13.694root 11241100x8000000000000000536995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19177b8cb6e73a752021-12-21 11:31:13.694root 11241100x8000000000000000536996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304a591c79fcbbf72021-12-21 11:31:13.694root 11241100x8000000000000000536997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cee388e72275b32021-12-21 11:31:13.694root 11241100x8000000000000000536998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1245d6036a8f11e2021-12-21 11:31:13.694root 11241100x8000000000000000536999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57a1b96d4293c692021-12-21 11:31:13.694root 11241100x8000000000000000537000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9eb342e3197b672021-12-21 11:31:13.694root 11241100x8000000000000000537001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4247661b469d0c2021-12-21 11:31:13.694root 11241100x8000000000000000537002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea76c633b74828ca2021-12-21 11:31:13.694root 11241100x8000000000000000537003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904f1053a31eb3f92021-12-21 11:31:14.193root 11241100x8000000000000000537004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b1efb0b2c686282021-12-21 11:31:14.193root 11241100x8000000000000000537005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d0bd91dec604512021-12-21 11:31:14.193root 11241100x8000000000000000537006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920c1da3b06304182021-12-21 11:31:14.193root 11241100x8000000000000000537007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ae35b1c87bbd342021-12-21 11:31:14.193root 11241100x8000000000000000537008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6190a3bde085e6962021-12-21 11:31:14.194root 11241100x8000000000000000537009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d30b46f42dc2892021-12-21 11:31:14.194root 11241100x8000000000000000537010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799045937c717ef02021-12-21 11:31:14.194root 11241100x8000000000000000537011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c7ab6134c3cf652021-12-21 11:31:14.194root 11241100x8000000000000000537012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3023787ac21e4fd2021-12-21 11:31:14.194root 11241100x8000000000000000537013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9cfd923356f0a72021-12-21 11:31:14.194root 11241100x8000000000000000537014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8067caf53595b32021-12-21 11:31:14.194root 11241100x8000000000000000537015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c8f03b80867b1e2021-12-21 11:31:14.194root 11241100x8000000000000000537016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d954c399a4da742021-12-21 11:31:14.194root 11241100x8000000000000000537017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a006fcca6437022021-12-21 11:31:14.194root 11241100x8000000000000000537018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8f368fa5427af42021-12-21 11:31:14.194root 11241100x8000000000000000537019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414b7ad010c002ba2021-12-21 11:31:14.194root 11241100x8000000000000000537020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ae30cedeb217c62021-12-21 11:31:14.194root 11241100x8000000000000000537021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe6a06cda85ac4b2021-12-21 11:31:14.194root 11241100x8000000000000000537022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9c54d5cda3da5c2021-12-21 11:31:14.194root 11241100x8000000000000000537023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72dcbc1a0110072f2021-12-21 11:31:14.194root 11241100x8000000000000000537024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac61a63f6435ac22021-12-21 11:31:14.195root 11241100x8000000000000000537025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d53af773014ca12021-12-21 11:31:14.195root 11241100x8000000000000000537026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a51eea70a932d222021-12-21 11:31:14.699root 11241100x8000000000000000537027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f65bb98484bd5a2021-12-21 11:31:14.699root 11241100x8000000000000000537028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f5285e00903a052021-12-21 11:31:14.699root 11241100x8000000000000000537029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e116fc00f0b77842021-12-21 11:31:14.699root 11241100x8000000000000000537030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5e2f0650fff7072021-12-21 11:31:14.699root 11241100x8000000000000000537031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01dce6e38c70da402021-12-21 11:31:14.699root 11241100x8000000000000000537032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59341fab582ea9082021-12-21 11:31:14.699root 11241100x8000000000000000537033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efb451d024226912021-12-21 11:31:14.699root 11241100x8000000000000000537034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98cc6901ec026692021-12-21 11:31:14.699root 11241100x8000000000000000537035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1424c90aad9c4c2021-12-21 11:31:14.699root 11241100x8000000000000000537036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def73ee524ac16432021-12-21 11:31:14.699root 11241100x8000000000000000537037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df065999aa583a422021-12-21 11:31:14.699root 11241100x8000000000000000537038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4572fbeb81e670482021-12-21 11:31:14.700root 11241100x8000000000000000537039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994b82b7844304cc2021-12-21 11:31:14.700root 11241100x8000000000000000537040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9193f68651625a342021-12-21 11:31:14.700root 11241100x8000000000000000537041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7285544695462bb02021-12-21 11:31:14.700root 11241100x8000000000000000537042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef589dea9488cdca2021-12-21 11:31:14.700root 11241100x8000000000000000537043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f67a684deb752512021-12-21 11:31:14.700root 11241100x8000000000000000537044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dba96bdb7303d062021-12-21 11:31:14.700root 11241100x8000000000000000537045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61cf5c621d3d002e2021-12-21 11:31:14.700root 11241100x8000000000000000537046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119d3ed3202d6fc52021-12-21 11:31:14.700root 11241100x8000000000000000537047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c5d8cd6af7568d2021-12-21 11:31:14.700root 11241100x8000000000000000537048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf75c5c3cd1ea0a52021-12-21 11:31:14.701root 11241100x8000000000000000537049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ce6194cfcf335d2021-12-21 11:31:15.193root 11241100x8000000000000000537050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a92a0b452e7eca02021-12-21 11:31:15.193root 11241100x8000000000000000537051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e386b027653d5ee2021-12-21 11:31:15.193root 11241100x8000000000000000537052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574441891ababcec2021-12-21 11:31:15.193root 11241100x8000000000000000537053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32cf29b75c20bb02021-12-21 11:31:15.193root 11241100x8000000000000000537054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f808a798a59dd9102021-12-21 11:31:15.193root 11241100x8000000000000000537055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86f1be1f39ec4fd2021-12-21 11:31:15.194root 11241100x8000000000000000537056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f2820d5418d4a72021-12-21 11:31:15.194root 11241100x8000000000000000537057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958a7eab075f71aa2021-12-21 11:31:15.194root 11241100x8000000000000000537058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ae593511f625072021-12-21 11:31:15.194root 11241100x8000000000000000537059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a360980b10c43b442021-12-21 11:31:15.194root 11241100x8000000000000000537060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a465aac7da6120d2021-12-21 11:31:15.194root 11241100x8000000000000000537061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4698737ab25f9cff2021-12-21 11:31:15.194root 11241100x8000000000000000537062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1865dbfe6e60d2c82021-12-21 11:31:15.194root 11241100x8000000000000000537063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12ab3a536aa46a02021-12-21 11:31:15.194root 11241100x8000000000000000537064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6d05b87f30e8ab2021-12-21 11:31:15.195root 11241100x8000000000000000537065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07aa2447f78741872021-12-21 11:31:15.195root 11241100x8000000000000000537066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa77d8419569fce32021-12-21 11:31:15.195root 11241100x8000000000000000537067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ccda63ce8892f52021-12-21 11:31:15.195root 11241100x8000000000000000537068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f31c29360670e3f2021-12-21 11:31:15.195root 11241100x8000000000000000537069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd74135a267dba442021-12-21 11:31:15.195root 11241100x8000000000000000537070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc042624e552ba3f2021-12-21 11:31:15.195root 11241100x8000000000000000537071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e4f6801eee50802021-12-21 11:31:15.195root 11241100x8000000000000000537072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d6b33c6e7076402021-12-21 11:31:15.693root 11241100x8000000000000000537073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140f1e31abc4f3cf2021-12-21 11:31:15.693root 11241100x8000000000000000537074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a6a3ae56b1fd722021-12-21 11:31:15.693root 11241100x8000000000000000537075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a449091b7acc5f2021-12-21 11:31:15.693root 11241100x8000000000000000537076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974fca0001e24ed72021-12-21 11:31:15.693root 11241100x8000000000000000537077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b834eade6c676f92021-12-21 11:31:15.693root 11241100x8000000000000000537078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0ff295c1a42f8a2021-12-21 11:31:15.693root 11241100x8000000000000000537079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971305b0ca2402072021-12-21 11:31:15.693root 11241100x8000000000000000537080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abe71f8c0253c402021-12-21 11:31:15.693root 11241100x8000000000000000537081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93edf23532df8872021-12-21 11:31:15.694root 11241100x8000000000000000537082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847feb078c3724572021-12-21 11:31:15.694root 11241100x8000000000000000537083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e758fb3493bc5c772021-12-21 11:31:15.694root 11241100x8000000000000000537084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb99269eb7baf2ae2021-12-21 11:31:15.694root 11241100x8000000000000000537085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af82a95c098c8d02021-12-21 11:31:15.694root 11241100x8000000000000000537086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca6905d733c671f2021-12-21 11:31:15.694root 11241100x8000000000000000537087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e07e36fe552a8ba2021-12-21 11:31:15.694root 11241100x8000000000000000537088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15ffd8edaa8722e2021-12-21 11:31:15.694root 11241100x8000000000000000537089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101936015a61cdf12021-12-21 11:31:15.694root 11241100x8000000000000000537090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1bce5fdf7ea7362021-12-21 11:31:15.694root 11241100x8000000000000000537091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77913b64e0253c362021-12-21 11:31:15.694root 11241100x8000000000000000537092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a22e73595f41142021-12-21 11:31:15.694root 11241100x8000000000000000537093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47779ca7297fc19b2021-12-21 11:31:15.695root 11241100x8000000000000000537094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52eda8e1356d659b2021-12-21 11:31:15.695root 354300x8000000000000000537095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.140{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48656-false10.0.1.12-8000- 11241100x8000000000000000537096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65de5444f6b576012021-12-21 11:31:16.142root 11241100x8000000000000000537097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33877b24f7a06d0e2021-12-21 11:31:16.142root 11241100x8000000000000000537098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09eacb81e6d83482021-12-21 11:31:16.142root 11241100x8000000000000000537099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c5771b4e4e6e4b2021-12-21 11:31:16.142root 11241100x8000000000000000537100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4002727fc0740cc72021-12-21 11:31:16.142root 11241100x8000000000000000537101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7953b39a8a13c02021-12-21 11:31:16.142root 11241100x8000000000000000537102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f9ab821e03e0682021-12-21 11:31:16.142root 11241100x8000000000000000537103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe31e536c5da5162021-12-21 11:31:16.142root 11241100x8000000000000000537104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ece128014baba42021-12-21 11:31:16.142root 11241100x8000000000000000537105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170fda6c698171772021-12-21 11:31:16.142root 11241100x8000000000000000537106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e11e917abea90032021-12-21 11:31:16.142root 11241100x8000000000000000537107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38791aa0d90b1cd22021-12-21 11:31:16.143root 11241100x8000000000000000537108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfc1a1fa14ef2182021-12-21 11:31:16.143root 11241100x8000000000000000537109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62eaf2f34b7c56982021-12-21 11:31:16.143root 11241100x8000000000000000537110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c98cae78847cb0c2021-12-21 11:31:16.143root 11241100x8000000000000000537111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd100dc77879d7a2021-12-21 11:31:16.143root 11241100x8000000000000000537112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e59619da18996532021-12-21 11:31:16.143root 11241100x8000000000000000537113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e19a202ff8e53e2021-12-21 11:31:16.143root 11241100x8000000000000000537114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bc79d37f25682d2021-12-21 11:31:16.144root 11241100x8000000000000000537115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6279beee5105522021-12-21 11:31:16.144root 11241100x8000000000000000537116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c99e06fc8d2f8a02021-12-21 11:31:16.144root 11241100x8000000000000000537117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6e3c12855cfe632021-12-21 11:31:16.144root 11241100x8000000000000000537118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341a49aa0abe809c2021-12-21 11:31:16.144root 11241100x8000000000000000537119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c61b3955ef522172021-12-21 11:31:16.144root 11241100x8000000000000000537120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299ce184a2ccaf242021-12-21 11:31:16.443root 11241100x8000000000000000537121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a97f92d9a743082021-12-21 11:31:16.443root 11241100x8000000000000000537122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035075d53dd877632021-12-21 11:31:16.443root 11241100x8000000000000000537123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cf090a3f00e0ff2021-12-21 11:31:16.444root 11241100x8000000000000000537124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9d0eeff715131c2021-12-21 11:31:16.444root 11241100x8000000000000000537125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e3eaf5b19bd0502021-12-21 11:31:16.444root 11241100x8000000000000000537126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa649824015e91312021-12-21 11:31:16.444root 11241100x8000000000000000537127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ed022e713f8a4e2021-12-21 11:31:16.444root 11241100x8000000000000000537128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf1ed39986afe1a2021-12-21 11:31:16.445root 11241100x8000000000000000537129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0b78f9c06c93cd2021-12-21 11:31:16.445root 11241100x8000000000000000537130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81dfa089ac1367e2021-12-21 11:31:16.445root 11241100x8000000000000000537131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dca2e37783a63072021-12-21 11:31:16.445root 11241100x8000000000000000537132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c99ca8e3a6107f2021-12-21 11:31:16.445root 11241100x8000000000000000537133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83733deda5d9ae32021-12-21 11:31:16.445root 11241100x8000000000000000537134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24d8dd1ddbd2bf62021-12-21 11:31:16.445root 11241100x8000000000000000537135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edf700f9d117d4d2021-12-21 11:31:16.445root 11241100x8000000000000000537136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0ea4670ac86b3e2021-12-21 11:31:16.445root 11241100x8000000000000000537137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ee9decc65098202021-12-21 11:31:16.445root 11241100x8000000000000000537138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbeffa6dce5d2d602021-12-21 11:31:16.446root 11241100x8000000000000000537139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ce290b86775c0c2021-12-21 11:31:16.446root 11241100x8000000000000000537140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e70eba95b60f8782021-12-21 11:31:16.446root 11241100x8000000000000000537141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e865801083457b2021-12-21 11:31:16.446root 11241100x8000000000000000537142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197f4fa23c4fed162021-12-21 11:31:16.446root 11241100x8000000000000000537143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3605e10ef029f98c2021-12-21 11:31:16.446root 11241100x8000000000000000537144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6d8eddce8d81092021-12-21 11:31:16.943root 11241100x8000000000000000537145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23de67af5e562fac2021-12-21 11:31:16.943root 11241100x8000000000000000537146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c790c41d9dbf5892021-12-21 11:31:16.944root 11241100x8000000000000000537147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fe6b1840a026782021-12-21 11:31:16.944root 11241100x8000000000000000537148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17738df43b2466fc2021-12-21 11:31:16.944root 11241100x8000000000000000537149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb63ee847faec392021-12-21 11:31:16.944root 11241100x8000000000000000537150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c867e32956f0102021-12-21 11:31:16.944root 11241100x8000000000000000537151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704100d5231230512021-12-21 11:31:16.944root 11241100x8000000000000000537152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0233b756b24a2782021-12-21 11:31:16.944root 11241100x8000000000000000537153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da0f93d5786c9632021-12-21 11:31:16.944root 11241100x8000000000000000537154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719c2385959f07032021-12-21 11:31:16.944root 11241100x8000000000000000537155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ba15dc21d35c362021-12-21 11:31:16.944root 11241100x8000000000000000537156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f54d2b10e111f32021-12-21 11:31:16.944root 11241100x8000000000000000537157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc30da299ad611f92021-12-21 11:31:16.945root 11241100x8000000000000000537158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a203b0ade3400daa2021-12-21 11:31:16.945root 11241100x8000000000000000537159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab8e86ae40b010c2021-12-21 11:31:16.945root 11241100x8000000000000000537160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519712a8eaee08112021-12-21 11:31:16.945root 11241100x8000000000000000537161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fcd1a20d4376c72021-12-21 11:31:16.946root 11241100x8000000000000000537162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a595895aa9bda1d2021-12-21 11:31:16.946root 11241100x8000000000000000537163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68df4ad95a159ee72021-12-21 11:31:16.946root 11241100x8000000000000000537164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb25c8a2a4415762021-12-21 11:31:16.946root 11241100x8000000000000000537165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31d97490e3b7c502021-12-21 11:31:16.946root 11241100x8000000000000000537166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2116e81c1a8e812021-12-21 11:31:16.946root 11241100x8000000000000000537167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944dd6d05ac3d9f52021-12-21 11:31:16.946root 11241100x8000000000000000537168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e3d8b6086783842021-12-21 11:31:17.443root 11241100x8000000000000000537169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e37a3dc01fe22672021-12-21 11:31:17.443root 11241100x8000000000000000537170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e54cf8e4421770e2021-12-21 11:31:17.443root 11241100x8000000000000000537171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c66844f64b5e1802021-12-21 11:31:17.443root 11241100x8000000000000000537172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061b3225c18907732021-12-21 11:31:17.443root 11241100x8000000000000000537173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b45c66bcc76888f2021-12-21 11:31:17.443root 11241100x8000000000000000537174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbcc496c024eb382021-12-21 11:31:17.443root 11241100x8000000000000000537175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fd021c86228c3c2021-12-21 11:31:17.444root 11241100x8000000000000000537176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60db9fa4a57349be2021-12-21 11:31:17.444root 11241100x8000000000000000537177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f129ee2d2caa36b2021-12-21 11:31:17.444root 11241100x8000000000000000537178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9719e7da50f31f2021-12-21 11:31:17.444root 11241100x8000000000000000537179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687b82a68ef5eb6c2021-12-21 11:31:17.444root 11241100x8000000000000000537180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2b5c70c1a09b4a2021-12-21 11:31:17.444root 11241100x8000000000000000537181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f23555331769572021-12-21 11:31:17.444root 11241100x8000000000000000537182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2151c961ee4799492021-12-21 11:31:17.444root 11241100x8000000000000000537183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7909ef8ea592d92021-12-21 11:31:17.444root 11241100x8000000000000000537184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e9c40fdde690722021-12-21 11:31:17.444root 11241100x8000000000000000537185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2933ced68e8015752021-12-21 11:31:17.444root 11241100x8000000000000000537186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e6f219b44b40f92021-12-21 11:31:17.445root 11241100x8000000000000000537187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a0ccaca41395c72021-12-21 11:31:17.445root 11241100x8000000000000000537188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7065bdb56d203012021-12-21 11:31:17.445root 11241100x8000000000000000537189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4c421d0e1d42c52021-12-21 11:31:17.445root 11241100x8000000000000000537190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8848253d819303912021-12-21 11:31:17.445root 11241100x8000000000000000537191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373aa032bbcabe362021-12-21 11:31:17.445root 11241100x8000000000000000537192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a638a63053a75622021-12-21 11:31:17.942root 11241100x8000000000000000537193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b183cd2e0a6b7c2021-12-21 11:31:17.943root 11241100x8000000000000000537194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d9f6531881adb02021-12-21 11:31:17.943root 11241100x8000000000000000537195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5297c57e64868ac72021-12-21 11:31:17.943root 11241100x8000000000000000537196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55a1c1ccf5327eb2021-12-21 11:31:17.943root 11241100x8000000000000000537197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e18ad47b4aa57942021-12-21 11:31:17.943root 11241100x8000000000000000537198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac90fe27545c8d202021-12-21 11:31:17.943root 11241100x8000000000000000537199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e4cb300d0fea5d2021-12-21 11:31:17.943root 11241100x8000000000000000537200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae4788d468707f32021-12-21 11:31:17.943root 11241100x8000000000000000537201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701f4977cfac36cd2021-12-21 11:31:17.943root 11241100x8000000000000000537202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666cec34a47cd97c2021-12-21 11:31:17.943root 11241100x8000000000000000537203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff20df4a7eabe5fc2021-12-21 11:31:17.943root 11241100x8000000000000000537204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632b0e7f841efb7e2021-12-21 11:31:17.943root 11241100x8000000000000000537205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a4f0072f5060a62021-12-21 11:31:17.943root 11241100x8000000000000000537206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519f988f7bdf02392021-12-21 11:31:17.944root 11241100x8000000000000000537207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2e3074921bb6ed2021-12-21 11:31:17.944root 11241100x8000000000000000537208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47abff3ee6e78aae2021-12-21 11:31:17.944root 11241100x8000000000000000537209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5002e4c984add1c52021-12-21 11:31:17.944root 11241100x8000000000000000537210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8c67b246192d3e2021-12-21 11:31:17.944root 11241100x8000000000000000537211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc6d85f2eb01e0d2021-12-21 11:31:17.944root 11241100x8000000000000000537212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a498f2907271da92021-12-21 11:31:17.944root 11241100x8000000000000000537213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b9a186eb523d782021-12-21 11:31:17.944root 11241100x8000000000000000537214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ae2442e33d798a2021-12-21 11:31:17.945root 11241100x8000000000000000537215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e3db65cd6f5e352021-12-21 11:31:17.945root 11241100x8000000000000000537216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcba61fbc86cd432021-12-21 11:31:17.945root 11241100x8000000000000000537217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cfb4808f46153d2021-12-21 11:31:18.443root 11241100x8000000000000000537218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43c52d537f4d91a2021-12-21 11:31:18.443root 11241100x8000000000000000537219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0fcd9cca34f4992021-12-21 11:31:18.443root 11241100x8000000000000000537220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2221f79ea733212021-12-21 11:31:18.444root 11241100x8000000000000000537221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1031b09adcef71a02021-12-21 11:31:18.444root 11241100x8000000000000000537222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a18de4bef359932021-12-21 11:31:18.444root 11241100x8000000000000000537223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2143dd2893470e92021-12-21 11:31:18.444root 11241100x8000000000000000537224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43177e3348a92aa62021-12-21 11:31:18.444root 11241100x8000000000000000537225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68835b812e81fa882021-12-21 11:31:18.444root 11241100x8000000000000000537226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51692706af12e2222021-12-21 11:31:18.444root 11241100x8000000000000000537227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c8aacf18c367762021-12-21 11:31:18.444root 11241100x8000000000000000537228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e212dc933bc2552021-12-21 11:31:18.444root 11241100x8000000000000000537229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b6b3e5b4b6c5f82021-12-21 11:31:18.444root 11241100x8000000000000000537230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b48d425b83ae9e92021-12-21 11:31:18.445root 11241100x8000000000000000537231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89708eae5bfc18ce2021-12-21 11:31:18.445root 11241100x8000000000000000537232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902e49776673e7de2021-12-21 11:31:18.445root 11241100x8000000000000000537233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9565a2b7c1ca050c2021-12-21 11:31:18.445root 11241100x8000000000000000537234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87eb84037c5ae0172021-12-21 11:31:18.446root 11241100x8000000000000000537235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da9e835af178cd12021-12-21 11:31:18.446root 11241100x8000000000000000537236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21135f9998f20ac2021-12-21 11:31:18.446root 11241100x8000000000000000537237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5988c04886537f4f2021-12-21 11:31:18.446root 11241100x8000000000000000537238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6403597b30d2ab2021-12-21 11:31:18.446root 11241100x8000000000000000537239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31cc564eb50aa00c2021-12-21 11:31:18.447root 11241100x8000000000000000537240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f25261a1c5fb152021-12-21 11:31:18.447root 11241100x8000000000000000537241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b81b66dc3f53ea2021-12-21 11:31:18.943root 11241100x8000000000000000537242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1cb2666ccc50402021-12-21 11:31:18.943root 11241100x8000000000000000537243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd9d879ae9b8f762021-12-21 11:31:18.943root 11241100x8000000000000000537244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed357e5aaf520bb2021-12-21 11:31:18.943root 11241100x8000000000000000537245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318c610f230ecfed2021-12-21 11:31:18.943root 11241100x8000000000000000537246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e82257849ed9aa2021-12-21 11:31:18.944root 11241100x8000000000000000537247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a38aea88fa72462021-12-21 11:31:18.944root 11241100x8000000000000000537248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee621d693f247b432021-12-21 11:31:18.944root 11241100x8000000000000000537249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2089fffd21c73d32021-12-21 11:31:18.944root 11241100x8000000000000000537250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39b3cd7ff77ba012021-12-21 11:31:18.944root 11241100x8000000000000000537251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbecc47edd30de7e2021-12-21 11:31:18.944root 11241100x8000000000000000537252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d8cce114cc43d02021-12-21 11:31:18.944root 11241100x8000000000000000537253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86d61962f04f98c2021-12-21 11:31:18.944root 11241100x8000000000000000537254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946f048dcdbc8c042021-12-21 11:31:18.944root 11241100x8000000000000000537255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cba1c656f739ce2021-12-21 11:31:18.944root 11241100x8000000000000000537256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09317b910723ca92021-12-21 11:31:18.944root 11241100x8000000000000000537257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacec7f3235027732021-12-21 11:31:18.944root 11241100x8000000000000000537258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0e92ea249f02322021-12-21 11:31:18.945root 11241100x8000000000000000537259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c93f84cef7a8582021-12-21 11:31:18.946root 11241100x8000000000000000537260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b678b099055dd5f2021-12-21 11:31:18.946root 11241100x8000000000000000537261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bf0f9153fcd72b2021-12-21 11:31:18.946root 11241100x8000000000000000537262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781a20da6ed3e27c2021-12-21 11:31:18.946root 11241100x8000000000000000537263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800a7e6f823403b92021-12-21 11:31:18.946root 11241100x8000000000000000537264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe4be2d9a25533d2021-12-21 11:31:18.946root 11241100x8000000000000000537265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2b30f0fd5163df2021-12-21 11:31:18.946root 11241100x8000000000000000537266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85dc55323e83edf2021-12-21 11:31:18.947root 11241100x8000000000000000537267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25ef53073e30b092021-12-21 11:31:18.947root 11241100x8000000000000000537268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678112b4acabf6d42021-12-21 11:31:18.947root 11241100x8000000000000000537269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0933c95b3896412021-12-21 11:31:18.947root 11241100x8000000000000000537270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3deb18d3f4ff820b2021-12-21 11:31:18.947root 11241100x8000000000000000537271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50886f3d8b711e162021-12-21 11:31:18.947root 11241100x8000000000000000537272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb2ee120c68f71b2021-12-21 11:31:18.947root 11241100x8000000000000000537273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7255b9538f1d81e2021-12-21 11:31:18.947root 11241100x8000000000000000537274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525691201fbe25b72021-12-21 11:31:18.948root 11241100x8000000000000000537275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39f2e581d10ea972021-12-21 11:31:19.443root 11241100x8000000000000000537276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6d027186711eb12021-12-21 11:31:19.443root 11241100x8000000000000000537277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80017f449cbc89df2021-12-21 11:31:19.443root 11241100x8000000000000000537278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64fa9d88a89724b2021-12-21 11:31:19.443root 11241100x8000000000000000537279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94392ac63c19d782021-12-21 11:31:19.443root 11241100x8000000000000000537280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f95ef88f0ac0fb2021-12-21 11:31:19.443root 11241100x8000000000000000537281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad7dd1cbdc298082021-12-21 11:31:19.443root 11241100x8000000000000000537282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbb249baf489dd42021-12-21 11:31:19.444root 11241100x8000000000000000537283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59eee054b608de672021-12-21 11:31:19.444root 11241100x8000000000000000537284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2314c0562d35682021-12-21 11:31:19.444root 11241100x8000000000000000537285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3da50d192fb19ed2021-12-21 11:31:19.444root 11241100x8000000000000000537286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46a6cd64c5e5aaf2021-12-21 11:31:19.444root 11241100x8000000000000000537287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e4009ed83615b82021-12-21 11:31:19.444root 11241100x8000000000000000537288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2af59f0ac3754e2021-12-21 11:31:19.444root 11241100x8000000000000000537289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cba791052a4513a2021-12-21 11:31:19.444root 11241100x8000000000000000537290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f0891a3ecd5c492021-12-21 11:31:19.444root 11241100x8000000000000000537291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7f2c8b39f4ef692021-12-21 11:31:19.444root 11241100x8000000000000000537292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5525bc3338f2af032021-12-21 11:31:19.444root 11241100x8000000000000000537293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c368623b0f39622021-12-21 11:31:19.444root 11241100x8000000000000000537294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41aa756f1a2b59a22021-12-21 11:31:19.444root 11241100x8000000000000000537295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4da7b42c2ff97ab2021-12-21 11:31:19.444root 11241100x8000000000000000537296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dc99ef80b43e5c2021-12-21 11:31:19.445root 11241100x8000000000000000537297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1733ac1738980d4d2021-12-21 11:31:19.445root 11241100x8000000000000000537298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49eeda650c175212021-12-21 11:31:19.445root 11241100x8000000000000000537299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd08e4c47b934df02021-12-21 11:31:19.943root 11241100x8000000000000000537300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bebab8f2a9182d2021-12-21 11:31:19.943root 11241100x8000000000000000537301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0fe599116707b62021-12-21 11:31:19.943root 11241100x8000000000000000537302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f19de8956da7f52021-12-21 11:31:19.943root 11241100x8000000000000000537303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167dfcc784273e2f2021-12-21 11:31:19.943root 11241100x8000000000000000537304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33aa98e8f4e3c4e2021-12-21 11:31:19.943root 11241100x8000000000000000537305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b007f566a1954e2021-12-21 11:31:19.943root 11241100x8000000000000000537306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5533186f27044ccd2021-12-21 11:31:19.944root 11241100x8000000000000000537307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647fd49c2094b9342021-12-21 11:31:19.944root 11241100x8000000000000000537308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009074a27d11ae542021-12-21 11:31:19.944root 11241100x8000000000000000537309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6ffaa2174ac5442021-12-21 11:31:19.944root 11241100x8000000000000000537310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fe377109ca7f7b2021-12-21 11:31:19.944root 11241100x8000000000000000537311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9d71ea66f86b6c2021-12-21 11:31:19.944root 11241100x8000000000000000537312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1cb74875b703682021-12-21 11:31:19.944root 11241100x8000000000000000537313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fceda4209b4bc62021-12-21 11:31:19.944root 11241100x8000000000000000537314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35221a10ed544e332021-12-21 11:31:19.944root 11241100x8000000000000000537315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aacbe90b7c7d28b2021-12-21 11:31:19.944root 11241100x8000000000000000537316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00ed3c1fe6d509d2021-12-21 11:31:19.944root 11241100x8000000000000000537317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3ca01fda6ddd172021-12-21 11:31:19.944root 11241100x8000000000000000537318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cb39f9d249481e2021-12-21 11:31:19.944root 11241100x8000000000000000537319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b24a47cc8a37f42021-12-21 11:31:19.944root 11241100x8000000000000000537320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfbed992d1b88332021-12-21 11:31:19.944root 11241100x8000000000000000537321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5bd1a19797fde32021-12-21 11:31:19.944root 11241100x8000000000000000537322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2293f28a7375e82021-12-21 11:31:19.945root 11241100x8000000000000000537323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf991d7d92e02092021-12-21 11:31:19.945root 11241100x8000000000000000537324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d4b0cafe298fdd2021-12-21 11:31:19.945root 11241100x8000000000000000537325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4649d864ca291b42021-12-21 11:31:19.945root 11241100x8000000000000000537326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a3641b1e1138db2021-12-21 11:31:19.945root 11241100x8000000000000000537327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378f91ae5bd138e82021-12-21 11:31:19.945root 11241100x8000000000000000537328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562f0e07ffc86e112021-12-21 11:31:19.945root 154100x8000000000000000537329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.946{ec2b6afe-bb07-61c1-68e4-9a6690550000}9882/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000537330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.958{ec2b6afe-bb07-61c1-68e4-9a6690550000}9882/bin/psroot 11241100x8000000000000000537331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ab1d9e48774e6b2021-12-21 11:31:20.443root 11241100x8000000000000000537332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f55e1376299d9b72021-12-21 11:31:20.443root 11241100x8000000000000000537333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1af1b4a13527d62021-12-21 11:31:20.443root 11241100x8000000000000000537334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b1e2d482b3c4e12021-12-21 11:31:20.443root 11241100x8000000000000000537335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0306f1c0a8fdef8e2021-12-21 11:31:20.444root 11241100x8000000000000000537336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6537b2fa2f042e6e2021-12-21 11:31:20.444root 11241100x8000000000000000537337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb7d989013320fd2021-12-21 11:31:20.444root 11241100x8000000000000000537338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c741b3d0129ce59c2021-12-21 11:31:20.444root 11241100x8000000000000000537339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946d358cf66580342021-12-21 11:31:20.444root 11241100x8000000000000000537340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36928392686d2efc2021-12-21 11:31:20.444root 11241100x8000000000000000537341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb00cf8f1f527212021-12-21 11:31:20.444root 11241100x8000000000000000537342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c98f71491ebec02021-12-21 11:31:20.444root 11241100x8000000000000000537343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7a459ef906fcef2021-12-21 11:31:20.444root 11241100x8000000000000000537344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42d8fa28a4501da2021-12-21 11:31:20.444root 11241100x8000000000000000537345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57daab704ae5a03b2021-12-21 11:31:20.444root 11241100x8000000000000000537346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cc8ee328bdd3d32021-12-21 11:31:20.444root 11241100x8000000000000000537347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd2a8a61fffc12b2021-12-21 11:31:20.444root 11241100x8000000000000000537348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7572f001998fdb52021-12-21 11:31:20.444root 11241100x8000000000000000537349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a586a5786be3f2742021-12-21 11:31:20.444root 11241100x8000000000000000537350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c6473aa55d76372021-12-21 11:31:20.445root 11241100x8000000000000000537351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed3bdae33c763f22021-12-21 11:31:20.445root 11241100x8000000000000000537352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5989e6dd92edb02021-12-21 11:31:20.445root 11241100x8000000000000000537353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec26655c61cce102021-12-21 11:31:20.445root 11241100x8000000000000000537354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d354adb66650548f2021-12-21 11:31:20.445root 11241100x8000000000000000537355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba74a3bbebafcae82021-12-21 11:31:20.445root 11241100x8000000000000000537356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c44c45d08251fe92021-12-21 11:31:20.445root 11241100x8000000000000000537357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb84443dd5f927e2021-12-21 11:31:20.943root 11241100x8000000000000000537358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fa9367dc2a32782021-12-21 11:31:20.943root 11241100x8000000000000000537359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d27520b7001bc8b2021-12-21 11:31:20.943root 11241100x8000000000000000537360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a91f8091fde84d2021-12-21 11:31:20.943root 11241100x8000000000000000537361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ff2d08ff52f6022021-12-21 11:31:20.943root 11241100x8000000000000000537362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422b9d7bbc84cfea2021-12-21 11:31:20.943root 11241100x8000000000000000537363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc22d5e7eb88fad2021-12-21 11:31:20.943root 11241100x8000000000000000537364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7017ff4ea50b88b2021-12-21 11:31:20.943root 11241100x8000000000000000537365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b31c1d6f2d34f852021-12-21 11:31:20.943root 11241100x8000000000000000537366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f92e6c6644ca802021-12-21 11:31:20.944root 11241100x8000000000000000537367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f7e336492aae082021-12-21 11:31:20.944root 11241100x8000000000000000537368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb82348a59889b52021-12-21 11:31:20.944root 11241100x8000000000000000537369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d185ea727d2aa0462021-12-21 11:31:20.944root 11241100x8000000000000000537370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f280e47e4989c7c2021-12-21 11:31:20.944root 11241100x8000000000000000537371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d08e95b029c2ea2021-12-21 11:31:20.944root 11241100x8000000000000000537372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01868403903e6912021-12-21 11:31:20.944root 11241100x8000000000000000537373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c34b04da1a0ea92021-12-21 11:31:20.944root 11241100x8000000000000000537374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c13c13bea9cc8e2021-12-21 11:31:20.944root 11241100x8000000000000000537375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3949187677786a6f2021-12-21 11:31:20.945root 11241100x8000000000000000537376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b16328ac3cdad0a2021-12-21 11:31:20.945root 11241100x8000000000000000537377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370cae8db46c606d2021-12-21 11:31:20.945root 11241100x8000000000000000537378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246a5bedea03d81f2021-12-21 11:31:20.945root 11241100x8000000000000000537379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f386a303c5542eb2021-12-21 11:31:20.946root 11241100x8000000000000000537380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca645bd8adcf75f2021-12-21 11:31:20.946root 11241100x8000000000000000537381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a0a45b6425445d2021-12-21 11:31:20.946root 11241100x8000000000000000537382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2965b7b02ff196ff2021-12-21 11:31:20.946root 11241100x8000000000000000537383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cff3a03bcd85a12021-12-21 11:31:20.946root 11241100x8000000000000000537384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fbd75a48363e362021-12-21 11:31:20.946root 354300x8000000000000000537385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.222{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48658-false10.0.1.12-8000- 11241100x8000000000000000537386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cb15197fdd54282021-12-21 11:31:21.223root 11241100x8000000000000000537387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deac855272da1aae2021-12-21 11:31:21.223root 11241100x8000000000000000537388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1b6e2ae9b7a7e82021-12-21 11:31:21.223root 11241100x8000000000000000537389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc76a5952dc82abf2021-12-21 11:31:21.223root 11241100x8000000000000000537390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb6cab4272bc2232021-12-21 11:31:21.223root 11241100x8000000000000000537391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b852d63a70c7c9a2021-12-21 11:31:21.223root 11241100x8000000000000000537392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cb2d2644e1292c2021-12-21 11:31:21.223root 11241100x8000000000000000537393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be059ad0dd219582021-12-21 11:31:21.223root 11241100x8000000000000000537394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7209e3f9821535c2021-12-21 11:31:21.223root 11241100x8000000000000000537395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5edc7845786dd782021-12-21 11:31:21.224root 11241100x8000000000000000537396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51ac902aa361ca42021-12-21 11:31:21.224root 11241100x8000000000000000537397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd403aec631b76ba2021-12-21 11:31:21.224root 11241100x8000000000000000537398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4889f6708e3993302021-12-21 11:31:21.224root 11241100x8000000000000000537399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f55aadf5679ff182021-12-21 11:31:21.224root 11241100x8000000000000000537400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa68c53241c1ad9b2021-12-21 11:31:21.224root 11241100x8000000000000000537401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd5f6ab66e8c8772021-12-21 11:31:21.224root 11241100x8000000000000000537402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c699769b6b029c742021-12-21 11:31:21.224root 11241100x8000000000000000537403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3ad75f13fc64702021-12-21 11:31:21.224root 11241100x8000000000000000537404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4162433d8d18242021-12-21 11:31:21.224root 11241100x8000000000000000537405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1322b325081789222021-12-21 11:31:21.225root 11241100x8000000000000000537406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2b85ba00a54b5a2021-12-21 11:31:21.225root 11241100x8000000000000000537407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9790250f18bfaea32021-12-21 11:31:21.225root 11241100x8000000000000000537408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9696fa244e3fad042021-12-21 11:31:21.225root 11241100x8000000000000000537409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43d81eb433a0d852021-12-21 11:31:21.225root 11241100x8000000000000000537410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91484118d4a42622021-12-21 11:31:21.225root 11241100x8000000000000000537411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde52056bd8a3dfc2021-12-21 11:31:21.225root 11241100x8000000000000000537412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46ed5f971e3cada2021-12-21 11:31:21.225root 11241100x8000000000000000537413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0279e0a785f5c62021-12-21 11:31:21.225root 11241100x8000000000000000537414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631848748730ded42021-12-21 11:31:21.225root 11241100x8000000000000000537415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c66d21475a8176f2021-12-21 11:31:21.225root 11241100x8000000000000000537416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0bb8d807f29e27d2021-12-21 11:31:21.225root 11241100x8000000000000000537417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3dbb42e820c7e72021-12-21 11:31:21.226root 11241100x8000000000000000537418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac7b5f3c76345092021-12-21 11:31:21.226root 11241100x8000000000000000537419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11a09a53da0b4112021-12-21 11:31:21.226root 11241100x8000000000000000537420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67284903794a05fa2021-12-21 11:31:21.226root 11241100x8000000000000000537421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cd05ab6566499b2021-12-21 11:31:21.226root 11241100x8000000000000000537422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197f3d3ed9ce0c2f2021-12-21 11:31:21.226root 11241100x8000000000000000537423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c498a310fdc7662021-12-21 11:31:21.226root 11241100x8000000000000000537424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5584e48e81da6972021-12-21 11:31:21.226root 11241100x8000000000000000537425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef45b5fe817c64f2021-12-21 11:31:21.226root 11241100x8000000000000000537426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85746ee0ccd443032021-12-21 11:31:21.693root 11241100x8000000000000000537427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f043e0d989938a2021-12-21 11:31:21.693root 11241100x8000000000000000537428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da39d31bf741e9c2021-12-21 11:31:21.693root 11241100x8000000000000000537429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5afde3801c108e2021-12-21 11:31:21.694root 11241100x8000000000000000537430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64e3a00a3f7fb0a2021-12-21 11:31:21.694root 11241100x8000000000000000537431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a514c3698f4d2502021-12-21 11:31:21.694root 11241100x8000000000000000537432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95f1e9443ffff832021-12-21 11:31:21.694root 11241100x8000000000000000537433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efaf61ec90ac1f62021-12-21 11:31:21.694root 11241100x8000000000000000537434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224357aaadf82ff72021-12-21 11:31:21.694root 11241100x8000000000000000537435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7c3e4634f887722021-12-21 11:31:21.694root 11241100x8000000000000000537436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae32c95f6ece2ab82021-12-21 11:31:21.694root 11241100x8000000000000000537437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71815cf26de469f62021-12-21 11:31:21.694root 11241100x8000000000000000537438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daeb26ead731ed682021-12-21 11:31:21.695root 354300x8000000000000000537468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:32.056{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48664-false10.0.1.12-8000- 11241100x8000000000000000537469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:32.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a61e42f78268e22021-12-21 11:31:32.442root 11241100x8000000000000000537470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:32.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be99d3221caa84942021-12-21 11:31:32.942root 11241100x8000000000000000537471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:33.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d417204875da807d2021-12-21 11:31:33.442root 11241100x8000000000000000537472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:33.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcea5f770b561a92021-12-21 11:31:33.942root 11241100x8000000000000000537473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:34.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f7d76ef3dd13b12021-12-21 11:31:34.442root 11241100x8000000000000000537474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:34.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8affae2883841dd2021-12-21 11:31:34.942root 11241100x8000000000000000537475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:35.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35217ca2249d2a212021-12-21 11:31:35.442root 11241100x8000000000000000537476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:35.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac20ab1118f8b7f2021-12-21 11:31:35.942root 11241100x8000000000000000537477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:36.326{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:31:36.326root 11241100x8000000000000000537478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:36.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651f836c621efc6d2021-12-21 11:31:36.327root 11241100x8000000000000000537479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4cb7a1962541412021-12-21 11:31:36.328root 11241100x8000000000000000537480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:36.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e44083c3965dc72021-12-21 11:31:36.692root 11241100x8000000000000000537481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e56b853bb35a4322021-12-21 11:31:36.693root 11241100x8000000000000000537482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:37.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7989b239e7f81e392021-12-21 11:31:37.192root 11241100x8000000000000000537483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cdf9c527e2fa612021-12-21 11:31:37.193root 11241100x8000000000000000537484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:37.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbbb92c42db422c2021-12-21 11:31:37.692root 11241100x8000000000000000537485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f9d9c06e313fa52021-12-21 11:31:37.693root 354300x8000000000000000537486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:38.035{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48666-false10.0.1.12-8000- 11241100x8000000000000000537487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:38.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b09d91064bedf522021-12-21 11:31:38.036root 11241100x8000000000000000537488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:38.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4782f115b440d5c82021-12-21 11:31:38.036root 11241100x8000000000000000537489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:38.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1211a29a1c265172021-12-21 11:31:38.442root 11241100x8000000000000000537490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1620aa7f0fc3072021-12-21 11:31:38.443root 11241100x8000000000000000537491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7fe42fd04b724c2021-12-21 11:31:38.443root 11241100x8000000000000000537492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:38.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf51a29f73043d72021-12-21 11:31:38.942root 11241100x8000000000000000537493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44abec501bddea112021-12-21 11:31:38.943root 11241100x8000000000000000537494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc42202fe8453b02021-12-21 11:31:38.943root 23542300x8000000000000000537495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:39.329{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000537496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:39.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c894b98986976e62021-12-21 11:31:39.329root 11241100x8000000000000000537497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:39.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf8e3bc7b4e69542021-12-21 11:31:39.330root 11241100x8000000000000000537498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:39.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70714d213be62b9c2021-12-21 11:31:39.330root 11241100x8000000000000000537499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:39.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c959396f0d99e6902021-12-21 11:31:39.692root 11241100x8000000000000000537500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a1afb2ed2b43f12021-12-21 11:31:39.693root 11241100x8000000000000000537501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a764cd564e685a2021-12-21 11:31:39.693root 11241100x8000000000000000537502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924a286c82e3f1d22021-12-21 11:31:39.693root 11241100x8000000000000000537503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:40.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4dbb100a5eed96a2021-12-21 11:31:40.192root 11241100x8000000000000000537504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95131cbdd9113cce2021-12-21 11:31:40.193root 11241100x8000000000000000537505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d1be1beb73db232021-12-21 11:31:40.193root 11241100x8000000000000000537506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d8992ec32d9bee2021-12-21 11:31:40.193root 11241100x8000000000000000537507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:40.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a8dd83f5cf343b2021-12-21 11:31:40.692root 11241100x8000000000000000537508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f6319ad567008f2021-12-21 11:31:40.693root 11241100x8000000000000000537509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a81eb64cdbeb7f2021-12-21 11:31:40.693root 11241100x8000000000000000537510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ac8ebf7d51d5a52021-12-21 11:31:40.693root 11241100x8000000000000000537511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e008b900f661062021-12-21 11:31:41.193root 11241100x8000000000000000537512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9d279d8db42f1d2021-12-21 11:31:41.193root 11241100x8000000000000000537513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b71f1387a51d952021-12-21 11:31:41.193root 11241100x8000000000000000537514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973c3452856062002021-12-21 11:31:41.193root 11241100x8000000000000000537515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:41.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f02ad8a0a1e1cd02021-12-21 11:31:41.692root 11241100x8000000000000000537516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0153e4e859c21e72021-12-21 11:31:41.693root 11241100x8000000000000000537517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2f96d9afcdbe622021-12-21 11:31:41.693root 11241100x8000000000000000537518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ae2c0c9e37b5032021-12-21 11:31:41.693root 11241100x8000000000000000537519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:42.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa983cc28ae13c762021-12-21 11:31:42.192root 11241100x8000000000000000537520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f356865a4bce9ada2021-12-21 11:31:42.193root 11241100x8000000000000000537521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd5b2787ea28b802021-12-21 11:31:42.193root 11241100x8000000000000000537522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bbcefe5642a9382021-12-21 11:31:42.193root 11241100x8000000000000000537523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0cb4a243f21ad02021-12-21 11:31:42.693root 11241100x8000000000000000537524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787d7262429a86ea2021-12-21 11:31:42.693root 11241100x8000000000000000537525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978e2df856786aa62021-12-21 11:31:42.693root 11241100x8000000000000000537526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8c0ec1a267ec2e2021-12-21 11:31:42.694root 11241100x8000000000000000537527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:43.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bc0b599c739f152021-12-21 11:31:43.192root 11241100x8000000000000000537528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3d941048c2883a2021-12-21 11:31:43.193root 11241100x8000000000000000537529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d16357fb1d16df2021-12-21 11:31:43.193root 11241100x8000000000000000537530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ea58fcb24fe4e12021-12-21 11:31:43.193root 354300x8000000000000000537531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:43.252{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48668-false10.0.1.12-8000- 11241100x8000000000000000537532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27767ce84f065972021-12-21 11:31:43.693root 11241100x8000000000000000537533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f07f3e61d61c0a2021-12-21 11:31:43.693root 11241100x8000000000000000537534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b89738411308d2a2021-12-21 11:31:43.693root 11241100x8000000000000000537535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b23e7efd0387ff2021-12-21 11:31:43.694root 11241100x8000000000000000537536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd82ccff431eb6f2021-12-21 11:31:43.694root 11241100x8000000000000000537537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc993695f12dc022021-12-21 11:31:44.192root 11241100x8000000000000000537538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef025073b8a56ff2021-12-21 11:31:44.193root 11241100x8000000000000000537539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5d31cbb2e0f9b22021-12-21 11:31:44.193root 11241100x8000000000000000537540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b812ef3f836482c2021-12-21 11:31:44.193root 11241100x8000000000000000537541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ce554caeb7a8e62021-12-21 11:31:44.194root 11241100x8000000000000000537542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc6343703fdbfa12021-12-21 11:31:44.693root 11241100x8000000000000000537543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ad44d7170b000c2021-12-21 11:31:44.693root 11241100x8000000000000000537544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525be4d49e64d1f52021-12-21 11:31:44.693root 11241100x8000000000000000537545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0408e140abc3b72021-12-21 11:31:44.693root 11241100x8000000000000000537546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fdce7e296da224f2021-12-21 11:31:44.693root 534500x8000000000000000537547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.894{00000000-0000-0000-0000-000000000000}9883<unknown process>ubuntu 534500x8000000000000000537548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.897{00000000-0000-0000-0000-000000000000}9884<unknown process>ubuntu 534500x8000000000000000537549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.899{00000000-0000-0000-0000-000000000000}9885<unknown process>ubuntu 11241100x8000000000000000537550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.899{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash/tmp/sh-thd.FA1jYY2021-12-21 11:31:44.899ubuntu 23542300x8000000000000000537551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.899{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677ubuntu/bin/bash/tmp/sh-thd.FA1jYY--- 11241100x8000000000000000537552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6962ff4382d325762021-12-21 11:31:45.193root 11241100x8000000000000000537553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b57f128bb950202021-12-21 11:31:45.193root 11241100x8000000000000000537554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190509dc4382400f2021-12-21 11:31:45.193root 11241100x8000000000000000537555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5a0667b2b4988d2021-12-21 11:31:45.193root 11241100x8000000000000000537556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810247f9367063a32021-12-21 11:31:45.193root 11241100x8000000000000000537557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d7568e1c908cae2021-12-21 11:31:45.193root 11241100x8000000000000000537558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74ec0d52ddfc02a2021-12-21 11:31:45.193root 11241100x8000000000000000537559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b4d71ab0bace4a2021-12-21 11:31:45.193root 11241100x8000000000000000537560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb654ee4e064fc3c2021-12-21 11:31:45.194root 11241100x8000000000000000537561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ecdb9a408058932021-12-21 11:31:45.194root 11241100x8000000000000000537562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903b43f68867972d2021-12-21 11:31:45.194root 11241100x8000000000000000537563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54fdd91a42669672021-12-21 11:31:45.194root 11241100x8000000000000000537564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64bf19a9771600c2021-12-21 11:31:45.194root 11241100x8000000000000000537565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319a339e57ea05462021-12-21 11:31:45.195root 154100x8000000000000000537566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.479{ec2b6afe-bb21-61c1-089e-285c01560000}9886/usr/bin/sudo-----sudo setcap cap_setuid=ep ./evil_bin/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 11241100x8000000000000000537567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1305178a5d3ef62021-12-21 11:31:45.482root 11241100x8000000000000000537568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46808692c8af1c062021-12-21 11:31:45.482root 11241100x8000000000000000537569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecdd0bf2cba3a652021-12-21 11:31:45.482root 11241100x8000000000000000537570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd5d359b6a188112021-12-21 11:31:45.482root 11241100x8000000000000000537571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c866c5f600671b2021-12-21 11:31:45.483root 11241100x8000000000000000537572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67055c82039cbc762021-12-21 11:31:45.483root 11241100x8000000000000000537573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465fb80ce584e79d2021-12-21 11:31:45.484root 11241100x8000000000000000537574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221a983fe9496b4d2021-12-21 11:31:45.484root 11241100x8000000000000000537575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a1ccc63d8a68a92021-12-21 11:31:45.484root 11241100x8000000000000000537576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bdb63ecdb8a0b62021-12-21 11:31:45.484root 11241100x8000000000000000537577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cdd567e249ef112021-12-21 11:31:45.484root 354300x8000000000000000537578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.485{ec2b6afe-bb21-61c1-089e-285c01560000}9886/usr/bin/sudoubuntuudptruefalse127.0.0.1-53189-false127.0.0.53-53- 354300x8000000000000000537579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.486{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-57495-false10.0.0.2-53- 354300x8000000000000000537580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.486{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-55401-false10.0.0.2-53- 354300x8000000000000000537581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.487{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-53189- 354300x8000000000000000537582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.487{ec2b6afe-bb21-61c1-089e-285c01560000}9886/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-53189- 354300x8000000000000000537583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.498{ec2b6afe-bb21-61c1-089e-285c01560000}9886/usr/bin/sudoubuntuudptruefalse127.0.0.1-46353-false127.0.0.53-53- 354300x8000000000000000537584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.498{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-46353- 154100x8000000000000000537585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.504{ec2b6afe-bb21-61c1-8077-a5381b560000}9887/sbin/setcap-----setcap cap_setuid=ep ./evil_bin/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-bb21-61c1-089e-285c01560000}9886/usr/bin/sudosudoubuntu 534500x8000000000000000537586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.504{ec2b6afe-bb21-61c1-8077-a5381b560000}9887/sbin/setcaproot 534500x8000000000000000537587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.505{ec2b6afe-bb21-61c1-089e-285c01560000}9886/usr/bin/sudoroot 11241100x8000000000000000537588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05876c40a16b3ecd2021-12-21 11:31:45.943root 11241100x8000000000000000537589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e02788226f83f8a2021-12-21 11:31:45.943root 11241100x8000000000000000537590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a93559d8356c54d2021-12-21 11:31:45.943root 11241100x8000000000000000537591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b17ff8a385246332021-12-21 11:31:45.943root 11241100x8000000000000000537592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cb2a8debd13f0c2021-12-21 11:31:45.944root 11241100x8000000000000000537593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fdc3eadbad4dc72021-12-21 11:31:45.944root 11241100x8000000000000000537594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae44b247a01865962021-12-21 11:31:45.944root 11241100x8000000000000000537595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80dd82d3630b5c062021-12-21 11:31:45.944root 11241100x8000000000000000537596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86eec97bbf986a062021-12-21 11:31:45.944root 11241100x8000000000000000537597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce99cfbba855e8382021-12-21 11:31:45.944root 11241100x8000000000000000537598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0441666b79ba29b2021-12-21 11:31:45.944root 11241100x8000000000000000537599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78687984e247b3a62021-12-21 11:31:45.944root 11241100x8000000000000000537600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b8af45d419faf22021-12-21 11:31:45.944root 11241100x8000000000000000537601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87dc638ac33fb962021-12-21 11:31:45.944root 11241100x8000000000000000537602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382a9b5d43f61d842021-12-21 11:31:45.945root 11241100x8000000000000000537603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681592b82bb2b9a42021-12-21 11:31:45.945root 11241100x8000000000000000537604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c39066c0f273ac2021-12-21 11:31:45.945root 11241100x8000000000000000537605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0981cc6d28e5eaf52021-12-21 11:31:45.945root 11241100x8000000000000000537606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e18679ec2f465c2021-12-21 11:31:45.945root 11241100x8000000000000000537607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b611f62cffce8c792021-12-21 11:31:45.946root 11241100x8000000000000000537608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314424bcafad3fc22021-12-21 11:31:45.947root 11241100x8000000000000000537609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9227a7b2422872f2021-12-21 11:31:46.443root 11241100x8000000000000000537610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231a97a737477ce82021-12-21 11:31:46.443root 11241100x8000000000000000537611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67eb60c30bf55b1d2021-12-21 11:31:46.443root 11241100x8000000000000000537612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd589aebe00461f82021-12-21 11:31:46.444root 11241100x8000000000000000537613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5f8788a97b81c72021-12-21 11:31:46.444root 11241100x8000000000000000537614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1d4a483fdefe292021-12-21 11:31:46.444root 11241100x8000000000000000537615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7560d1ee9cd9422021-12-21 11:31:46.444root 11241100x8000000000000000537616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e2a7f70a78901c2021-12-21 11:31:46.444root 11241100x8000000000000000537617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499c3cd7c0379c1f2021-12-21 11:31:46.444root 11241100x8000000000000000537618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a6b310aa925c7f2021-12-21 11:31:46.444root 11241100x8000000000000000537619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f29d553fed8d29e2021-12-21 11:31:46.444root 11241100x8000000000000000537620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d025d9859e85486a2021-12-21 11:31:46.444root 11241100x8000000000000000537621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e4aa8fcbf020482021-12-21 11:31:46.444root 11241100x8000000000000000537622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600af384977447b52021-12-21 11:31:46.444root 11241100x8000000000000000537623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5121a3f44bf4aff12021-12-21 11:31:46.444root 11241100x8000000000000000537624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8345378057e8892021-12-21 11:31:46.444root 11241100x8000000000000000537625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cac0dd0fa2df872021-12-21 11:31:46.444root 11241100x8000000000000000537626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712bac189925a1e22021-12-21 11:31:46.444root 11241100x8000000000000000537627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8292515b5bb5f1f42021-12-21 11:31:46.444root 11241100x8000000000000000537628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e650d4ad090be7ea2021-12-21 11:31:46.445root 11241100x8000000000000000537629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16aebfeb46477fb72021-12-21 11:31:46.445root 11241100x8000000000000000537630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf477949081cb8f32021-12-21 11:31:46.943root 11241100x8000000000000000537631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f5f619073f62b42021-12-21 11:31:46.943root 11241100x8000000000000000537632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834bbd782a2dfdc82021-12-21 11:31:46.943root 11241100x8000000000000000537633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cd1076241e4a262021-12-21 11:31:46.943root 11241100x8000000000000000537634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8992614162fa26a22021-12-21 11:31:46.944root 11241100x8000000000000000537635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e789ff9307bb96d2021-12-21 11:31:46.944root 11241100x8000000000000000537636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95c312102dfdf902021-12-21 11:31:46.944root 11241100x8000000000000000537637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdb383655fbb4a52021-12-21 11:31:46.944root 11241100x8000000000000000537638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d34778dc1ba7922021-12-21 11:31:46.944root 11241100x8000000000000000537639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df80954c9c8ef8e72021-12-21 11:31:46.944root 11241100x8000000000000000537640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07aaa00aa6de5b362021-12-21 11:31:46.944root 11241100x8000000000000000537641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc9286a74b961bb2021-12-21 11:31:46.944root 11241100x8000000000000000537642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7be44e3a4727352021-12-21 11:31:46.944root 11241100x8000000000000000537643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd98634b2c767c6f2021-12-21 11:31:46.944root 11241100x8000000000000000537644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fe4b265c3b612c2021-12-21 11:31:46.944root 11241100x8000000000000000537645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10e5ebd4daea09a2021-12-21 11:31:46.944root 11241100x8000000000000000537646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ab0a02367ecd7e2021-12-21 11:31:46.944root 11241100x8000000000000000537647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08759853cd60f0cd2021-12-21 11:31:46.944root 11241100x8000000000000000537648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abd755f9a07c1642021-12-21 11:31:46.944root 11241100x8000000000000000537649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2680afc2145a3c802021-12-21 11:31:46.944root 11241100x8000000000000000537650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103365c3a4e4f3182021-12-21 11:31:46.945root 11241100x8000000000000000537651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45cbb5d25a0087a02021-12-21 11:31:47.443root 11241100x8000000000000000537652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d1a5d5047defe42021-12-21 11:31:47.443root 11241100x8000000000000000537653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196f2cd46dffcacc2021-12-21 11:31:47.444root 11241100x8000000000000000537654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9c5f62bcf8e3732021-12-21 11:31:47.444root 11241100x8000000000000000537655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fe991d7d49c01e2021-12-21 11:31:47.444root 11241100x8000000000000000537656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e87abac40e2ac912021-12-21 11:31:47.444root 11241100x8000000000000000537657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24392056777fc1e2021-12-21 11:31:47.444root 11241100x8000000000000000537658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e9c844f6306d182021-12-21 11:31:47.444root 11241100x8000000000000000537659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843c81b096a6a2642021-12-21 11:31:47.444root 11241100x8000000000000000537660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48391b3af453b08c2021-12-21 11:31:47.444root 11241100x8000000000000000537661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716dd8211e70ab522021-12-21 11:31:47.444root 11241100x8000000000000000537662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc191a7923c9f93e2021-12-21 11:31:47.444root 11241100x8000000000000000537663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e795817ee80e1342021-12-21 11:31:47.444root 11241100x8000000000000000537664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9458857edc867162021-12-21 11:31:47.444root 11241100x8000000000000000537665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a7e82635ae9f9a2021-12-21 11:31:47.444root 11241100x8000000000000000537666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3566c330b1d1392021-12-21 11:31:47.444root 11241100x8000000000000000537667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612fa7861eeba7202021-12-21 11:31:47.444root 11241100x8000000000000000537668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8a558a05e0b5fd2021-12-21 11:31:47.444root 11241100x8000000000000000537669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c80dc6ef7f02372021-12-21 11:31:47.445root 11241100x8000000000000000537670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e04fcefb3183ee92021-12-21 11:31:47.445root 11241100x8000000000000000537671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137eaea8381312e42021-12-21 11:31:47.445root 11241100x8000000000000000537672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37de3ae8c0a92baf2021-12-21 11:31:47.943root 11241100x8000000000000000537673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c16bc7aa6dad4362021-12-21 11:31:47.943root 11241100x8000000000000000537674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9770b300f161a892021-12-21 11:31:47.943root 11241100x8000000000000000537675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2594ca6c19ea8c072021-12-21 11:31:47.943root 11241100x8000000000000000537676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f177a29c1d680ad22021-12-21 11:31:47.944root 11241100x8000000000000000537677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22064a0b105d5ba92021-12-21 11:31:47.944root 11241100x8000000000000000537678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0292b3d15418ddc2021-12-21 11:31:47.944root 11241100x8000000000000000537679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51ad0b8fa2d6ec92021-12-21 11:31:47.944root 11241100x8000000000000000537680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfee8e1b5ba3ba72021-12-21 11:31:47.944root 11241100x8000000000000000537681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbb29088f1e4b052021-12-21 11:31:47.944root 11241100x8000000000000000537682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c24df4819aef4af2021-12-21 11:31:47.944root 11241100x8000000000000000537683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e6ae764d7e06242021-12-21 11:31:47.944root 11241100x8000000000000000537684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3f2980c45ea2232021-12-21 11:31:47.944root 11241100x8000000000000000537685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5dba008a406e282021-12-21 11:31:47.944root 11241100x8000000000000000537686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3113acca875b0b2021-12-21 11:31:47.944root 11241100x8000000000000000537687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb921445bdfaa7b2021-12-21 11:31:47.944root 11241100x8000000000000000537688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ec01263ae6ca262021-12-21 11:31:47.944root 11241100x8000000000000000537689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b71bcc18c5a6c012021-12-21 11:31:47.944root 11241100x8000000000000000537690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab2344bef06e5222021-12-21 11:31:47.945root 11241100x8000000000000000537691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67281f0b3c4c3952021-12-21 11:31:47.945root 11241100x8000000000000000537692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c29f5b3e537f2342021-12-21 11:31:47.945root 11241100x8000000000000000537693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e35a1158b3e49062021-12-21 11:31:48.443root 11241100x8000000000000000537694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99466ae12d844cad2021-12-21 11:31:48.443root 11241100x8000000000000000537695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153fa5b4dbeb96922021-12-21 11:31:48.444root 11241100x8000000000000000537696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90961a98960fdc92021-12-21 11:31:48.444root 11241100x8000000000000000537697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7a06bcfff2e3e72021-12-21 11:31:48.444root 11241100x8000000000000000537698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203c1207c39f18792021-12-21 11:31:48.444root 11241100x8000000000000000537699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6090a518abf0353a2021-12-21 11:31:48.444root 11241100x8000000000000000537700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f47e36fc51418f62021-12-21 11:31:48.444root 11241100x8000000000000000537701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028db07a1261f8b82021-12-21 11:31:48.444root 11241100x8000000000000000537702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c80bc1bda5fee7d2021-12-21 11:31:48.444root 11241100x8000000000000000537703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4ac139d91ce00b2021-12-21 11:31:48.444root 11241100x8000000000000000537704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2dce243aa0902d2021-12-21 11:31:48.444root 11241100x8000000000000000537705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aceb83f4939ee4ad2021-12-21 11:31:48.444root 11241100x8000000000000000537706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45b61859c06e9182021-12-21 11:31:48.444root 11241100x8000000000000000537707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff67018e7241fa3a2021-12-21 11:31:48.445root 11241100x8000000000000000537708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068461c5d685c9712021-12-21 11:31:48.445root 11241100x8000000000000000537709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7186ac87d5e3242021-12-21 11:31:48.445root 11241100x8000000000000000537710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d4378090eb26162021-12-21 11:31:48.445root 11241100x8000000000000000537711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2e7a056d4d610e2021-12-21 11:31:48.445root 11241100x8000000000000000537712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1897337b06f71c5f2021-12-21 11:31:48.445root 11241100x8000000000000000537713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cc0ef586d4a7332021-12-21 11:31:48.445root 11241100x8000000000000000537714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de18f7817c6d0db2021-12-21 11:31:48.943root 11241100x8000000000000000537715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0701c58649690c2021-12-21 11:31:48.943root 11241100x8000000000000000537716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4f006e8128c5a02021-12-21 11:31:48.943root 11241100x8000000000000000537717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9a762862dca9832021-12-21 11:31:48.943root 11241100x8000000000000000537718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911ca61ca09465842021-12-21 11:31:48.944root 11241100x8000000000000000537719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663068c9d18895b42021-12-21 11:31:48.944root 11241100x8000000000000000537720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f2d5f2f518b03c2021-12-21 11:31:48.944root 11241100x8000000000000000537721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb848c2a6792bf2d2021-12-21 11:31:48.944root 11241100x8000000000000000537722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d589e3fdfa0c01232021-12-21 11:31:48.944root 11241100x8000000000000000537723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59558a9eb8385fbe2021-12-21 11:31:48.944root 11241100x8000000000000000537724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c096638ed9e696202021-12-21 11:31:48.944root 11241100x8000000000000000537725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256f70c2a2ecb7992021-12-21 11:31:48.944root 11241100x8000000000000000537726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59c975fba602bd22021-12-21 11:31:48.944root 11241100x8000000000000000537727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c05d9711fa05f52021-12-21 11:31:48.944root 11241100x8000000000000000537728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d21f84f29d6cf22021-12-21 11:31:48.944root 11241100x8000000000000000537729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c91da1f98efe4942021-12-21 11:31:48.944root 11241100x8000000000000000537730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1461675ee3035172021-12-21 11:31:48.944root 11241100x8000000000000000537731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81f6ffd787b5c732021-12-21 11:31:48.944root 11241100x8000000000000000537732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3791734132fd9822021-12-21 11:31:48.944root 11241100x8000000000000000537733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9da02f89353cbf92021-12-21 11:31:48.945root 11241100x8000000000000000537734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3a9905c028f4132021-12-21 11:31:48.945root 354300x8000000000000000537735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.040{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48670-false10.0.1.12-8000- 11241100x8000000000000000537736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a82bf7ad12d0ed2021-12-21 11:31:49.443root 11241100x8000000000000000537737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2cc17982db51012021-12-21 11:31:49.443root 11241100x8000000000000000537738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3d60eab37730542021-12-21 11:31:49.443root 11241100x8000000000000000537739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8737071dde452c2021-12-21 11:31:49.443root 11241100x8000000000000000537740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1e0be3c34d2dfa2021-12-21 11:31:49.444root 11241100x8000000000000000537741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045745bd3d939fbc2021-12-21 11:31:49.444root 11241100x8000000000000000537742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7226f4869e557ad62021-12-21 11:31:49.444root 11241100x8000000000000000537743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916c97e9f3056a802021-12-21 11:31:49.444root 11241100x8000000000000000537744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738d0ae52fe94ca22021-12-21 11:31:49.444root 11241100x8000000000000000537745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2145e5b64de25db12021-12-21 11:31:49.444root 11241100x8000000000000000537746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e968c6f1c22e3baf2021-12-21 11:31:49.444root 11241100x8000000000000000537747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7ca188566944562021-12-21 11:31:49.444root 11241100x8000000000000000537748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f78ffbb2049156e2021-12-21 11:31:49.444root 11241100x8000000000000000537749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c9ad0b2fd677762021-12-21 11:31:49.444root 11241100x8000000000000000537750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b488cfeb8466a8c42021-12-21 11:31:49.445root 11241100x8000000000000000537751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3df9a22e42a14bf2021-12-21 11:31:49.445root 11241100x8000000000000000537752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c629d0e8110e422021-12-21 11:31:49.445root 11241100x8000000000000000537753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c600be18266cad2021-12-21 11:31:49.445root 11241100x8000000000000000537754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57366574e34635292021-12-21 11:31:49.445root 11241100x8000000000000000537755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74dd98bf6537b8c2021-12-21 11:31:49.445root 11241100x8000000000000000537756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7290c4c8bc7b09032021-12-21 11:31:49.445root 11241100x8000000000000000537757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0f17809e07665c2021-12-21 11:31:49.445root 11241100x8000000000000000537758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92dd090c77659042021-12-21 11:31:49.943root 11241100x8000000000000000537759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd191ec7f5de1a102021-12-21 11:31:49.943root 11241100x8000000000000000537760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64910becda7d4242021-12-21 11:31:49.943root 11241100x8000000000000000537761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e49abe3ecb1dea42021-12-21 11:31:49.943root 11241100x8000000000000000537762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111e6fc4f54808ed2021-12-21 11:31:49.944root 11241100x8000000000000000537763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772d21245f91899a2021-12-21 11:31:49.944root 11241100x8000000000000000537764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43d1c6ea7bf21a22021-12-21 11:31:49.944root 11241100x8000000000000000537765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b665ea050a9e8c2021-12-21 11:31:49.944root 11241100x8000000000000000537766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268df93a0e464f8a2021-12-21 11:31:49.944root 11241100x8000000000000000537767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f579a0e7ee53b22021-12-21 11:31:49.944root 11241100x8000000000000000537768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3806a300f1ca8f012021-12-21 11:31:49.944root 11241100x8000000000000000537769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82616c5d06a40de42021-12-21 11:31:49.944root 11241100x8000000000000000537770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec45103c9d4863cf2021-12-21 11:31:49.944root 11241100x8000000000000000537771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37284d1eaddb56012021-12-21 11:31:49.944root 11241100x8000000000000000537772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fb40ffd39bcbe82021-12-21 11:31:49.944root 11241100x8000000000000000537773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f179ce0a70fef82021-12-21 11:31:49.944root 11241100x8000000000000000537774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4cb3b7bcb701052021-12-21 11:31:49.944root 11241100x8000000000000000537775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1b02010686c9472021-12-21 11:31:49.944root 11241100x8000000000000000537776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd47785d80fb1d0c2021-12-21 11:31:49.945root 11241100x8000000000000000537777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5df510d568a3e4a2021-12-21 11:31:49.945root 11241100x8000000000000000537778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef7922fb02001272021-12-21 11:31:49.945root 11241100x8000000000000000537779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b619c0cb0c39c7212021-12-21 11:31:49.945root 11241100x8000000000000000537780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac80cfcfc19c3472021-12-21 11:31:50.443root 11241100x8000000000000000537781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f0e7d836d507e02021-12-21 11:31:50.443root 11241100x8000000000000000537782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5f1dfb52601b502021-12-21 11:31:50.444root 11241100x8000000000000000537783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d42e1cf4c44e0d42021-12-21 11:31:50.444root 11241100x8000000000000000537784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e938326e8412672021-12-21 11:31:50.444root 11241100x8000000000000000537785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6b1b320983615c2021-12-21 11:31:50.444root 11241100x8000000000000000537786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55a2b73ec9937422021-12-21 11:31:50.444root 11241100x8000000000000000537787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73e9d86d8e221482021-12-21 11:31:50.445root 11241100x8000000000000000537788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b024e6ad3b14d2992021-12-21 11:31:50.445root 11241100x8000000000000000537789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ef999f3d5e9dec2021-12-21 11:31:50.445root 11241100x8000000000000000537790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bee6ab6b91b00cd2021-12-21 11:31:50.445root 11241100x8000000000000000537791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b93bbcbf6a4d3f92021-12-21 11:31:50.445root 11241100x8000000000000000537792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2190b3615b20d2f62021-12-21 11:31:50.445root 11241100x8000000000000000537793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13777c1050286ff82021-12-21 11:31:50.445root 11241100x8000000000000000537794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14324f8d8a49a3d82021-12-21 11:31:50.445root 11241100x8000000000000000537795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968eddd1f2ab73602021-12-21 11:31:50.445root 11241100x8000000000000000537796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850e9343e16922bc2021-12-21 11:31:50.445root 11241100x8000000000000000537797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029bf4c8fb7e80552021-12-21 11:31:50.445root 11241100x8000000000000000537798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07feb0bd7ea50da22021-12-21 11:31:50.445root 11241100x8000000000000000537799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0f823b2350189c2021-12-21 11:31:50.445root 11241100x8000000000000000537800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2c87ed1bf187e42021-12-21 11:31:50.445root 11241100x8000000000000000537801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eaac1614a6a264d2021-12-21 11:31:50.445root 11241100x8000000000000000537802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7993efec6ed813502021-12-21 11:31:50.943root 11241100x8000000000000000537803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a8c59660cb41a32021-12-21 11:31:50.943root 11241100x8000000000000000537804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8d0d1fc8e6a6872021-12-21 11:31:50.943root 11241100x8000000000000000537805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e096310ce6c547e62021-12-21 11:31:50.944root 11241100x8000000000000000537806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef98dd6572f3bbe2021-12-21 11:31:50.944root 11241100x8000000000000000537807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c82d47bb99005f2021-12-21 11:31:50.944root 11241100x8000000000000000537808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8550fd7f8312cb2021-12-21 11:31:50.944root 11241100x8000000000000000537809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ddce1662f5f5232021-12-21 11:31:50.944root 11241100x8000000000000000537810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a5c435f1097f622021-12-21 11:31:50.944root 11241100x8000000000000000537811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491456897fed27c32021-12-21 11:31:50.944root 11241100x8000000000000000537812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39bcc58890370b62021-12-21 11:31:50.944root 11241100x8000000000000000537813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77829478b84096992021-12-21 11:31:50.944root 11241100x8000000000000000537814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d008bada012625bc2021-12-21 11:31:50.944root 11241100x8000000000000000537815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d537ac1a681e5f2021-12-21 11:31:50.944root 11241100x8000000000000000537816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e3b4599f74df8a2021-12-21 11:31:50.944root 11241100x8000000000000000537817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10adc84d41668eee2021-12-21 11:31:50.945root 11241100x8000000000000000537818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41aaa3c710e3e4e92021-12-21 11:31:50.945root 11241100x8000000000000000537819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cb009e4e16d8ff2021-12-21 11:31:50.945root 11241100x8000000000000000537820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76ce66debe0fd312021-12-21 11:31:50.945root 11241100x8000000000000000537821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d3f96c37a4c77b2021-12-21 11:31:50.945root 11241100x8000000000000000537822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078399d3a2d65b152021-12-21 11:31:50.945root 11241100x8000000000000000537823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19731187b13971772021-12-21 11:31:50.945root 11241100x8000000000000000537824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995c100d9a95f9022021-12-21 11:31:51.443root 11241100x8000000000000000537825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75c04fdeabd79e12021-12-21 11:31:51.443root 11241100x8000000000000000537826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7666c425499dab72021-12-21 11:31:51.443root 11241100x8000000000000000537827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac93be068a5bccc2021-12-21 11:31:51.443root 11241100x8000000000000000537828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06eb539c1d2492052021-12-21 11:31:51.444root 11241100x8000000000000000537829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6534c746e0a7a802021-12-21 11:31:51.444root 11241100x8000000000000000537830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebbda3e0c57b71c2021-12-21 11:31:51.444root 11241100x8000000000000000537831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135c19cfd890fbde2021-12-21 11:31:51.444root 11241100x8000000000000000537832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4c3c8a903edceb2021-12-21 11:31:51.444root 11241100x8000000000000000537833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e4e21696d99a952021-12-21 11:31:51.444root 11241100x8000000000000000537834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2274dff07e9ee6622021-12-21 11:31:51.444root 11241100x8000000000000000537835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0e8b2d93edc26d2021-12-21 11:31:51.444root 11241100x8000000000000000537836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99b2b28cabeb1e92021-12-21 11:31:51.444root 11241100x8000000000000000537837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbce9f15f9eace482021-12-21 11:31:51.444root 11241100x8000000000000000537838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b9c7efffe313b62021-12-21 11:31:51.444root 11241100x8000000000000000537839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626a452785b162322021-12-21 11:31:51.444root 11241100x8000000000000000537840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0768668e91d46662021-12-21 11:31:51.444root 11241100x8000000000000000537841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fb200ee7febe252021-12-21 11:31:51.444root 11241100x8000000000000000537842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f39b5a411a22462021-12-21 11:31:51.445root 11241100x8000000000000000537843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df47690f4b3013e12021-12-21 11:31:51.445root 11241100x8000000000000000537844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e356022383734632021-12-21 11:31:51.445root 11241100x8000000000000000537845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff2b537575dad622021-12-21 11:31:51.445root 11241100x8000000000000000537846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93904bc32044748c2021-12-21 11:31:51.943root 11241100x8000000000000000537847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27358cbddf0b37762021-12-21 11:31:51.943root 11241100x8000000000000000537848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92b4c56516fa4c32021-12-21 11:31:51.943root 11241100x8000000000000000537849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6e88e27bc9c3c52021-12-21 11:31:51.944root 11241100x8000000000000000537850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b24881b76092cb2021-12-21 11:31:51.944root 11241100x8000000000000000537851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695989331ef34a222021-12-21 11:31:51.944root 11241100x8000000000000000537852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab3fa286719b19f2021-12-21 11:31:51.944root 11241100x8000000000000000537853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd2d8e2aefc17c12021-12-21 11:31:51.944root 11241100x8000000000000000537854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8744753dede61e2021-12-21 11:31:51.944root 11241100x8000000000000000537855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2857a4b4b80bb12d2021-12-21 11:31:51.944root 11241100x8000000000000000537856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf388bda484dd7b2021-12-21 11:31:51.944root 11241100x8000000000000000537857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a0ae8707d8b2c62021-12-21 11:31:51.944root 11241100x8000000000000000537858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cca1875abecad6d2021-12-21 11:31:51.944root 11241100x8000000000000000537859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134f06820d11bcd42021-12-21 11:31:51.944root 11241100x8000000000000000537860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273a1305a4d85dd42021-12-21 11:31:51.944root 11241100x8000000000000000537861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf0208f4d16c0a42021-12-21 11:31:51.944root 11241100x8000000000000000537862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31337a855ea3b38c2021-12-21 11:31:51.944root 11241100x8000000000000000537863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3360027e7d225f92021-12-21 11:31:51.944root 11241100x8000000000000000537864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b94c3567969f252021-12-21 11:31:51.945root 11241100x8000000000000000537865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45be1a311ad05fa2021-12-21 11:31:51.945root 11241100x8000000000000000537866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28123855ec31787f2021-12-21 11:31:51.945root 11241100x8000000000000000537867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cd791f43d616492021-12-21 11:31:51.945root 11241100x8000000000000000537868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85dc6e0b3baa7ec12021-12-21 11:31:52.443root 11241100x8000000000000000537869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828333c0805a77362021-12-21 11:31:52.443root 11241100x8000000000000000537870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93324364526a82b2021-12-21 11:31:52.443root 11241100x8000000000000000537871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e60b9db2a2a5da52021-12-21 11:31:52.443root 11241100x8000000000000000537872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc113f886606c0732021-12-21 11:31:52.444root 11241100x8000000000000000537873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3fbcecaeaca37f2021-12-21 11:31:52.444root 11241100x8000000000000000537874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab232e747b3863b62021-12-21 11:31:52.444root 11241100x8000000000000000537875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24c3f029faa04282021-12-21 11:31:52.444root 11241100x8000000000000000537876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230408ef5312b7312021-12-21 11:31:52.444root 11241100x8000000000000000537877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4111d33fee77528a2021-12-21 11:31:52.444root 11241100x8000000000000000537878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f2f35ea41d7af22021-12-21 11:31:52.444root 11241100x8000000000000000537879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254f34ddebb01fbc2021-12-21 11:31:52.444root 11241100x8000000000000000537880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04398aa5109982ec2021-12-21 11:31:52.444root 11241100x8000000000000000537881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023211b147fe2b952021-12-21 11:31:52.444root 11241100x8000000000000000537882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4259c9b05c204742021-12-21 11:31:52.444root 11241100x8000000000000000537883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fe1234a312c6862021-12-21 11:31:52.444root 11241100x8000000000000000537884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460619822be4e2c92021-12-21 11:31:52.444root 11241100x8000000000000000537885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6389a6d0d377ea582021-12-21 11:31:52.444root 11241100x8000000000000000537886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e421e757036e612021-12-21 11:31:52.445root 11241100x8000000000000000537887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464cd6281c3df8172021-12-21 11:31:52.445root 11241100x8000000000000000537888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25e50be68b078db2021-12-21 11:31:52.445root 11241100x8000000000000000537889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52d094f380d156e2021-12-21 11:31:52.445root 11241100x8000000000000000537890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4849edc7bce9f5532021-12-21 11:31:52.943root 11241100x8000000000000000537891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f49f9cca3b01592021-12-21 11:31:52.943root 11241100x8000000000000000537892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d3d24dc15c2eee2021-12-21 11:31:52.944root 11241100x8000000000000000537893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8719d014b91061d2021-12-21 11:31:52.944root 11241100x8000000000000000537894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2982c76dc955522021-12-21 11:31:52.944root 11241100x8000000000000000537895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38002f21cf73cc332021-12-21 11:31:52.944root 11241100x8000000000000000537896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa15bbbd9cb22f242021-12-21 11:31:52.944root 11241100x8000000000000000537897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474ce9be46a617ba2021-12-21 11:31:52.944root 11241100x8000000000000000537898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab5da12713da5dd2021-12-21 11:31:52.944root 11241100x8000000000000000537899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7510218bf9b8a42021-12-21 11:31:52.945root 11241100x8000000000000000537900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0e316ffed1ebac2021-12-21 11:31:52.945root 11241100x8000000000000000537901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97b5dc702ad4da92021-12-21 11:31:52.945root 11241100x8000000000000000537902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70deb06a0aa4029c2021-12-21 11:31:52.945root 11241100x8000000000000000537903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56df96ee38fc57962021-12-21 11:31:52.945root 11241100x8000000000000000537904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3440f41817549c332021-12-21 11:31:52.945root 11241100x8000000000000000537905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d365e0b14cac3f22021-12-21 11:31:52.945root 11241100x8000000000000000537906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1423ca528f53cc4c2021-12-21 11:31:52.946root 11241100x8000000000000000537907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ab781d628d0a9d2021-12-21 11:31:52.947root 11241100x8000000000000000537908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc502481f388b4a2021-12-21 11:31:52.947root 11241100x8000000000000000537909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0ffdcbefacb3472021-12-21 11:31:52.948root 11241100x8000000000000000537910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9a28a8386bae772021-12-21 11:31:52.948root 11241100x8000000000000000537911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcb842699694fd72021-12-21 11:31:52.948root 11241100x8000000000000000537912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c66ea42e8a8c6f2021-12-21 11:31:52.948root 11241100x8000000000000000537913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37287503c1414ad2021-12-21 11:31:52.949root 11241100x8000000000000000537914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818902513e617d082021-12-21 11:31:53.443root 11241100x8000000000000000537915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6936ca87ab14ca7a2021-12-21 11:31:53.444root 11241100x8000000000000000537916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204ebf635ff1281f2021-12-21 11:31:53.444root 11241100x8000000000000000537917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93949844fb7ee52b2021-12-21 11:31:53.444root 11241100x8000000000000000537918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab228244589e8af2021-12-21 11:31:53.444root 11241100x8000000000000000537919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc3bc7d08fa0df12021-12-21 11:31:53.444root 11241100x8000000000000000537920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a2e38508997d6e2021-12-21 11:31:53.445root 11241100x8000000000000000537921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e80ed0492ce34652021-12-21 11:31:53.445root 11241100x8000000000000000537922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535ec4a8bf0db1eb2021-12-21 11:31:53.445root 11241100x8000000000000000537923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c65c682d0ffb2e2021-12-21 11:31:53.445root 11241100x8000000000000000537924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2d6376215b7ad12021-12-21 11:31:53.445root 11241100x8000000000000000537925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3191d222893de22021-12-21 11:31:53.445root 11241100x8000000000000000537926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f8b91ee443b3452021-12-21 11:31:53.445root 11241100x8000000000000000537927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e131a8d2a4977a2021-12-21 11:31:53.445root 11241100x8000000000000000537928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec659e425ffb33f62021-12-21 11:31:53.445root 11241100x8000000000000000537929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd69269ebe3f9f452021-12-21 11:31:53.445root 11241100x8000000000000000537930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f4c007165c582a2021-12-21 11:31:53.445root 11241100x8000000000000000537931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a38cc3a0cd128ae2021-12-21 11:31:53.445root 11241100x8000000000000000537932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2097e6310db38b32021-12-21 11:31:53.445root 11241100x8000000000000000537933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aed369972c3edac2021-12-21 11:31:53.446root 11241100x8000000000000000537934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc42582712ff2002021-12-21 11:31:53.446root 11241100x8000000000000000537935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d28da1667152602021-12-21 11:31:53.446root 11241100x8000000000000000537936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2faec8fc6ca4fd6d2021-12-21 11:31:53.446root 11241100x8000000000000000537937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe70c2cd282a6322021-12-21 11:31:53.446root 11241100x8000000000000000537938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed27d97ff8514f2f2021-12-21 11:31:53.943root 11241100x8000000000000000537939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e673d03b559c9c22021-12-21 11:31:53.943root 11241100x8000000000000000537940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653f93d28e98654d2021-12-21 11:31:53.943root 11241100x8000000000000000537941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1048ec8b045d06c2021-12-21 11:31:53.943root 11241100x8000000000000000537942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9159e0ae55f714b02021-12-21 11:31:53.943root 11241100x8000000000000000537943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22757ed03402a2d72021-12-21 11:31:53.943root 11241100x8000000000000000537944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561f71f7378f0f972021-12-21 11:31:53.943root 11241100x8000000000000000537945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007205dfce9a4f4d2021-12-21 11:31:53.943root 11241100x8000000000000000537946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbcb5201237016f2021-12-21 11:31:53.943root 11241100x8000000000000000537947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa138617b0f41c62021-12-21 11:31:53.943root 11241100x8000000000000000537948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962c8d2103f146a32021-12-21 11:31:53.943root 11241100x8000000000000000537949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4429558f6141992f2021-12-21 11:31:53.944root 11241100x8000000000000000537950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8802473bf9ee853e2021-12-21 11:31:53.944root 11241100x8000000000000000537951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15386f3ba44cb402021-12-21 11:31:53.944root 11241100x8000000000000000537952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad15cddd7ceb83c2021-12-21 11:31:53.944root 11241100x8000000000000000537953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f7572c714f5ed22021-12-21 11:31:53.944root 11241100x8000000000000000537954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25949c11bde970df2021-12-21 11:31:53.944root 11241100x8000000000000000537955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f56786dec937342021-12-21 11:31:53.944root 11241100x8000000000000000537956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34047b7f7258ed92021-12-21 11:31:53.944root 11241100x8000000000000000537957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6652cb6465bcea62021-12-21 11:31:53.944root 11241100x8000000000000000537958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9289a39bb6978a42021-12-21 11:31:53.944root 11241100x8000000000000000537959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a045752819d1a8b22021-12-21 11:31:53.944root 354300x8000000000000000537960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.136{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48672-false10.0.1.12-8000- 11241100x8000000000000000537961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7e12dcea86c3542021-12-21 11:31:54.443root 11241100x8000000000000000537962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6814b6d7d1eab92021-12-21 11:31:54.443root 11241100x8000000000000000537963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d8d6b11cb5b2162021-12-21 11:31:54.444root 11241100x8000000000000000537964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbb8ed33548d3ac2021-12-21 11:31:54.444root 11241100x8000000000000000537965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a248354c533439842021-12-21 11:31:54.444root 11241100x8000000000000000537966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df2540e4feff0622021-12-21 11:31:54.444root 11241100x8000000000000000537967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b4b32eab812b4f2021-12-21 11:31:54.444root 11241100x8000000000000000537968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aba832b6b652ff62021-12-21 11:31:54.445root 11241100x8000000000000000537969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1523eecb8d5c3522021-12-21 11:31:54.445root 11241100x8000000000000000537970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8830bf16eb3e8f762021-12-21 11:31:54.445root 11241100x8000000000000000537971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1acad829bbb81962021-12-21 11:31:54.445root 11241100x8000000000000000537972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252eefdb16cd62682021-12-21 11:31:54.445root 11241100x8000000000000000537973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1982b2aecb7bf862021-12-21 11:31:54.445root 11241100x8000000000000000537974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373a2bc5dab1cd812021-12-21 11:31:54.445root 11241100x8000000000000000537975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be491818a7b000a2021-12-21 11:31:54.446root 11241100x8000000000000000537976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72917cd751d788b82021-12-21 11:31:54.446root 11241100x8000000000000000537977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51e000607c0d9eb2021-12-21 11:31:54.446root 11241100x8000000000000000537978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea089ff87176dbe2021-12-21 11:31:54.446root 11241100x8000000000000000537979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531d967ae753c23c2021-12-21 11:31:54.446root 11241100x8000000000000000537980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678e6a7160b8109b2021-12-21 11:31:54.446root 11241100x8000000000000000537981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcdf3a8ae75449b2021-12-21 11:31:54.446root 11241100x8000000000000000537982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bed563a58368cc52021-12-21 11:31:54.447root 11241100x8000000000000000537983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e20f394b3c3f9b12021-12-21 11:31:54.447root 11241100x8000000000000000537984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d62f45e4da4e572021-12-21 11:31:54.447root 11241100x8000000000000000537985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c985915db2f5f902021-12-21 11:31:54.447root 11241100x8000000000000000537986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5144c7b8c57dffa72021-12-21 11:31:54.943root 11241100x8000000000000000537987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d31607a650c77192021-12-21 11:31:54.943root 11241100x8000000000000000537988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cccaa1ae9986f982021-12-21 11:31:54.943root 11241100x8000000000000000537989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60031f5c89c5a242021-12-21 11:31:54.944root 11241100x8000000000000000537990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ae1e03581c11b42021-12-21 11:31:54.944root 11241100x8000000000000000537991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6776e24c092b894c2021-12-21 11:31:54.944root 11241100x8000000000000000537992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd4934a4f3277a32021-12-21 11:31:54.944root 11241100x8000000000000000537993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e575b167cb6f002021-12-21 11:31:54.944root 11241100x8000000000000000537994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797092f66dad5ed72021-12-21 11:31:54.944root 11241100x8000000000000000537995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536d59c38cd0668b2021-12-21 11:31:54.944root 11241100x8000000000000000537996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21d0f92985435362021-12-21 11:31:54.944root 11241100x8000000000000000537997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0f919e21b0f7202021-12-21 11:31:54.944root 11241100x8000000000000000537998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cbfeb17f1e19782021-12-21 11:31:54.944root 11241100x8000000000000000537999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78b62d8debcc7952021-12-21 11:31:54.945root 11241100x8000000000000000538000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2028042946610f442021-12-21 11:31:54.945root 11241100x8000000000000000538001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829ec2b124d9ddba2021-12-21 11:31:54.945root 11241100x8000000000000000538002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfb202094a89ddf2021-12-21 11:31:54.945root 11241100x8000000000000000538003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a74aac6a289bab2021-12-21 11:31:54.945root 11241100x8000000000000000538004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be55223d04e48892021-12-21 11:31:54.945root 11241100x8000000000000000538005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edab4d0c4be926232021-12-21 11:31:54.945root 11241100x8000000000000000538006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d412f53806f4d6c2021-12-21 11:31:54.945root 11241100x8000000000000000538007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dabf4c6e940cacb2021-12-21 11:31:54.945root 11241100x8000000000000000538008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663f2c548bea5e112021-12-21 11:31:54.945root 11241100x8000000000000000538009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4a1bceef3777572021-12-21 11:31:55.443root 11241100x8000000000000000538010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01433d5ab53cd7d02021-12-21 11:31:55.443root 11241100x8000000000000000538011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef3d927a300d8df2021-12-21 11:31:55.443root 11241100x8000000000000000538012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0911f4b153a1ad02021-12-21 11:31:55.443root 11241100x8000000000000000538013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fa3d3d65314b462021-12-21 11:31:55.444root 11241100x8000000000000000538014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fc146a9abab84e2021-12-21 11:31:55.444root 11241100x8000000000000000538015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82b219c82c526b32021-12-21 11:31:55.444root 11241100x8000000000000000538016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6965f534a892262021-12-21 11:31:55.444root 11241100x8000000000000000538017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d586de24d73694492021-12-21 11:31:55.444root 11241100x8000000000000000538018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d097f137f016ed7a2021-12-21 11:31:55.444root 11241100x8000000000000000538019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687877f7de51c03f2021-12-21 11:31:55.444root 11241100x8000000000000000538020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8c265cc7538fa12021-12-21 11:31:55.445root 11241100x8000000000000000538021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59eb116dab559f02021-12-21 11:31:55.445root 11241100x8000000000000000538022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a802606d584b6be52021-12-21 11:31:55.445root 11241100x8000000000000000538023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874205590023036b2021-12-21 11:31:55.445root 11241100x8000000000000000538024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b050425ca936e92021-12-21 11:31:55.445root 11241100x8000000000000000538025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3295a01f811f67ea2021-12-21 11:31:55.445root 11241100x8000000000000000538026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbceab0a80126ca02021-12-21 11:31:55.445root 11241100x8000000000000000538027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e66159a22bb7432021-12-21 11:31:55.446root 11241100x8000000000000000538028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0715b95d79b75cd02021-12-21 11:31:55.446root 11241100x8000000000000000538029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4835c9a18f4e55b62021-12-21 11:31:55.446root 11241100x8000000000000000538030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78f93fff7a97ee22021-12-21 11:31:55.446root 11241100x8000000000000000538031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f88b283fec34e7a2021-12-21 11:31:55.446root 11241100x8000000000000000538032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429f3f461ae518912021-12-21 11:31:55.446root 11241100x8000000000000000538033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825824b8ca0154e32021-12-21 11:31:55.447root 11241100x8000000000000000538034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ec7aab7a663d8a2021-12-21 11:31:55.943root 11241100x8000000000000000538035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a106bf5e5f6901f32021-12-21 11:31:55.943root 11241100x8000000000000000538036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef5b14334efb8302021-12-21 11:31:55.943root 11241100x8000000000000000538037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44d90bf113f543e2021-12-21 11:31:55.943root 11241100x8000000000000000538038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fa2e994c8347c32021-12-21 11:31:55.943root 11241100x8000000000000000538039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0c75764a874aa62021-12-21 11:31:55.944root 11241100x8000000000000000538040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27ce45b993ba1f42021-12-21 11:31:55.944root 11241100x8000000000000000538041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c452a9e46e686ad82021-12-21 11:31:55.944root 11241100x8000000000000000538042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29271f9c3f56feed2021-12-21 11:31:55.944root 11241100x8000000000000000538043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad71468adbd64142021-12-21 11:31:55.944root 11241100x8000000000000000538044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0b0271a7a7beff2021-12-21 11:31:55.944root 11241100x8000000000000000538045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb560ec54b501e52021-12-21 11:31:55.944root 11241100x8000000000000000538046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438e96047d220f842021-12-21 11:31:55.944root 11241100x8000000000000000538047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b27187bebf71e582021-12-21 11:31:55.944root 11241100x8000000000000000538048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba5ac449b9d54fd2021-12-21 11:31:55.944root 11241100x8000000000000000538049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc449da67cf214082021-12-21 11:31:55.944root 11241100x8000000000000000538050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4664a558ab564152021-12-21 11:31:55.944root 11241100x8000000000000000538051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ef5eed1073b5692021-12-21 11:31:55.945root 11241100x8000000000000000538052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ceae8c7ac940b42021-12-21 11:31:55.945root 11241100x8000000000000000538053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28845d5aa2146c42021-12-21 11:31:55.945root 11241100x8000000000000000538054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93b63ea0c6f6f502021-12-21 11:31:55.945root 11241100x8000000000000000538055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa41ef4193dd16d2021-12-21 11:31:55.945root 11241100x8000000000000000538056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1168c224fd3b009b2021-12-21 11:31:55.945root 11241100x8000000000000000538057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a196bf4835f7b8c2021-12-21 11:31:55.945root 11241100x8000000000000000538058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8175f5d48783e402021-12-21 11:31:56.443root 11241100x8000000000000000538059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25426fe3fa0de1c2021-12-21 11:31:56.443root 11241100x8000000000000000538060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50def029b4649862021-12-21 11:31:56.443root 11241100x8000000000000000538061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862ac5ac3678f01c2021-12-21 11:31:56.443root 11241100x8000000000000000538062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c28898123d21842021-12-21 11:31:56.444root 11241100x8000000000000000538063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b696fe78c13d5a52021-12-21 11:31:56.444root 11241100x8000000000000000538064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf6827f07f6c0b22021-12-21 11:31:56.444root 11241100x8000000000000000538065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1faeb14a540aae82021-12-21 11:31:56.444root 11241100x8000000000000000538066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c3d85ed6b607cd2021-12-21 11:31:56.444root 11241100x8000000000000000538067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba903b445ff245a72021-12-21 11:31:56.444root 11241100x8000000000000000538068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2506172e0101ef2021-12-21 11:31:56.444root 11241100x8000000000000000538069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a399db65c1aa5e2021-12-21 11:31:56.445root 11241100x8000000000000000538070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58aca6fa6c0d433b2021-12-21 11:31:56.445root 11241100x8000000000000000538071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25e02ae0ea5e42f2021-12-21 11:31:56.445root 11241100x8000000000000000538072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd7b20440c5a4bc2021-12-21 11:31:56.445root 11241100x8000000000000000538073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8cf86be742e5092021-12-21 11:31:56.446root 11241100x8000000000000000538074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76771caf364fb312021-12-21 11:31:56.446root 11241100x8000000000000000538075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d88d8f3ca89d8812021-12-21 11:31:56.446root 11241100x8000000000000000538076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64f27e0b580f4022021-12-21 11:31:56.446root 11241100x8000000000000000538077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f42f31702fcd99e2021-12-21 11:31:56.446root 11241100x8000000000000000538078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da758afd56233da62021-12-21 11:31:56.447root 11241100x8000000000000000538079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbecee5af2c9efe52021-12-21 11:31:56.447root 11241100x8000000000000000538080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb019f2ac33ec3892021-12-21 11:31:56.447root 11241100x8000000000000000538081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1697d02d8db36122021-12-21 11:31:56.447root 11241100x8000000000000000538082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43907da7c52f39a32021-12-21 11:31:56.447root 11241100x8000000000000000538083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92806248ef4188502021-12-21 11:31:56.943root 11241100x8000000000000000538084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad6bd302724fc072021-12-21 11:31:56.943root 11241100x8000000000000000538085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3309ec8671cfbbbf2021-12-21 11:31:56.943root 11241100x8000000000000000538086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fd1b6c63add8fc2021-12-21 11:31:56.943root 11241100x8000000000000000538087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7087d6aa5ee7332021-12-21 11:31:56.943root 11241100x8000000000000000538088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82343da521250b92021-12-21 11:31:56.943root 11241100x8000000000000000538089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bd88608a2397732021-12-21 11:31:56.943root 11241100x8000000000000000538090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8911ec9fe723db2021-12-21 11:31:56.944root 11241100x8000000000000000538091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e434b7a18353cdd2021-12-21 11:31:56.944root 11241100x8000000000000000538092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12024246c7198302021-12-21 11:31:56.944root 11241100x8000000000000000538093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf5fdb80265adf82021-12-21 11:31:56.944root 11241100x8000000000000000538094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0ef66f3bbddc8d2021-12-21 11:31:56.944root 11241100x8000000000000000538095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1f6806bf9de7282021-12-21 11:31:56.944root 11241100x8000000000000000538096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6124002e3fd9ae602021-12-21 11:31:56.944root 11241100x8000000000000000538097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7397b77451d4dd6d2021-12-21 11:31:56.944root 11241100x8000000000000000538098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eccd17e06e71cde2021-12-21 11:31:56.944root 11241100x8000000000000000538099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e685f0794e4ef592021-12-21 11:31:56.944root 11241100x8000000000000000538100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65999a643d78dcd42021-12-21 11:31:56.944root 11241100x8000000000000000538101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e184341dd5753b32021-12-21 11:31:56.944root 11241100x8000000000000000538102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b43a1355486e3f32021-12-21 11:31:56.945root 11241100x8000000000000000538103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf3a8d8a055bc6a2021-12-21 11:31:56.945root 11241100x8000000000000000538104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3970ec3a3de554152021-12-21 11:31:56.945root 11241100x8000000000000000538105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba04489e9787ba12021-12-21 11:31:56.945root 11241100x8000000000000000538106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5319d39c4889677d2021-12-21 11:31:57.443root 11241100x8000000000000000538107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63bed9e25b5c0112021-12-21 11:31:57.443root 11241100x8000000000000000538108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a87cad62cf3d7c2021-12-21 11:31:57.444root 11241100x8000000000000000538109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5fd6120701c1a32021-12-21 11:31:57.444root 11241100x8000000000000000538110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d052b0b03dd6932021-12-21 11:31:57.444root 11241100x8000000000000000538111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8081750ce3898f2021-12-21 11:31:57.444root 11241100x8000000000000000538112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9c01516b287d5f2021-12-21 11:31:57.444root 11241100x8000000000000000538113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4883de26457192522021-12-21 11:31:57.444root 11241100x8000000000000000538114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e43423c5466da62021-12-21 11:31:57.445root 11241100x8000000000000000538115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52094fbf487d6c262021-12-21 11:31:57.445root 11241100x8000000000000000538116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e6ba5a2946120f2021-12-21 11:31:57.445root 11241100x8000000000000000538117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c054d8be914a986f2021-12-21 11:31:57.445root 11241100x8000000000000000538118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a1924db5101aed2021-12-21 11:31:57.445root 11241100x8000000000000000538119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d57168a3e297f22021-12-21 11:31:57.445root 11241100x8000000000000000538120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462d9b0e733bff392021-12-21 11:31:57.445root 11241100x8000000000000000538121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8c519e79f62da22021-12-21 11:31:57.445root 11241100x8000000000000000538122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f8295203e8d9832021-12-21 11:31:57.445root 11241100x8000000000000000538123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9042c291b629a5f2021-12-21 11:31:57.445root 11241100x8000000000000000538124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309c65a66c71e5de2021-12-21 11:31:57.446root 11241100x8000000000000000538125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4eb40a05bdf94e12021-12-21 11:31:57.446root 11241100x8000000000000000538126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d1e473b178888c2021-12-21 11:31:57.446root 11241100x8000000000000000538127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7146ebdd9aacbc2021-12-21 11:31:57.446root 11241100x8000000000000000538128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573b67255f17454d2021-12-21 11:31:57.446root 11241100x8000000000000000538129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7acbd95c6d2ee02021-12-21 11:31:57.942root 11241100x8000000000000000538130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2b5a456c553c0f2021-12-21 11:31:57.943root 11241100x8000000000000000538131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6c6b281b0592542021-12-21 11:31:57.943root 11241100x8000000000000000538132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41eef2347d001cfa2021-12-21 11:31:57.943root 11241100x8000000000000000538133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d989ccd665c989422021-12-21 11:31:57.943root 11241100x8000000000000000538134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5724f10fc0f13992021-12-21 11:31:57.943root 11241100x8000000000000000538135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c289f09f4070efe02021-12-21 11:31:57.944root 11241100x8000000000000000538136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf3d588f93a1ff62021-12-21 11:31:57.944root 11241100x8000000000000000538137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e183e2728b12102021-12-21 11:31:57.944root 11241100x8000000000000000538138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0ea04f8f672ec02021-12-21 11:31:57.944root 11241100x8000000000000000538139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80332dfcbe85aff2021-12-21 11:31:57.944root 11241100x8000000000000000538140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a9929ac408eb9f2021-12-21 11:31:57.945root 11241100x8000000000000000538141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3908eab3287b3a2021-12-21 11:31:57.945root 11241100x8000000000000000538142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0570a4dab421f7412021-12-21 11:31:57.945root 11241100x8000000000000000538143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611ef1b831db101b2021-12-21 11:31:57.945root 11241100x8000000000000000538144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec6a539eab3fdac2021-12-21 11:31:57.945root 11241100x8000000000000000538145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e72e051b4a68c72021-12-21 11:31:57.945root 11241100x8000000000000000538146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4035e5c514feb3a2021-12-21 11:31:57.945root 11241100x8000000000000000538147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b3f1c156c712862021-12-21 11:31:57.945root 11241100x8000000000000000538148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2b9a7ab4a1d6772021-12-21 11:31:57.945root 11241100x8000000000000000538149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b584edcf0fbe7c2021-12-21 11:31:57.945root 11241100x8000000000000000538150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5810edc6bbeb7342021-12-21 11:31:57.945root 11241100x8000000000000000538151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046725e8989ac0fe2021-12-21 11:31:57.945root 11241100x8000000000000000538152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b281014b8ab7642021-12-21 11:31:57.945root 11241100x8000000000000000538153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b83ea8d3ddc00e2021-12-21 11:31:57.945root 11241100x8000000000000000538154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad8dde795bf908c2021-12-21 11:31:57.946root 11241100x8000000000000000538155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173e12ecd200729c2021-12-21 11:31:57.946root 11241100x8000000000000000538156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ade41f55f671b12021-12-21 11:31:57.946root 11241100x8000000000000000538157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7149fecb00bf4a1f2021-12-21 11:31:57.946root 11241100x8000000000000000538158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845d03e2384385a92021-12-21 11:31:58.443root 11241100x8000000000000000538159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2ed095ade9991d2021-12-21 11:31:58.443root 11241100x8000000000000000538160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726c48dda65cf0792021-12-21 11:31:58.443root 11241100x8000000000000000538161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da0c2027c1ab8a62021-12-21 11:31:58.443root 11241100x8000000000000000538162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df12be01517c9efe2021-12-21 11:31:58.444root 11241100x8000000000000000538163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59184db0eb8fca402021-12-21 11:31:58.444root 11241100x8000000000000000538164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014035157d0677782021-12-21 11:31:58.444root 11241100x8000000000000000538165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa0af9861ebd9132021-12-21 11:31:58.444root 11241100x8000000000000000538166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d77bfa8be1ceecf2021-12-21 11:31:58.444root 11241100x8000000000000000538167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff99aca686d3554a2021-12-21 11:31:58.444root 11241100x8000000000000000538168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fd55f272c8339f2021-12-21 11:31:58.444root 11241100x8000000000000000538169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3931e69bceb639352021-12-21 11:31:58.445root 11241100x8000000000000000538170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6845a680bd327992021-12-21 11:31:58.445root 11241100x8000000000000000538171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcb6c420098b6ee2021-12-21 11:31:58.445root 11241100x8000000000000000538172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4392023add9751aa2021-12-21 11:31:58.445root 11241100x8000000000000000538173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64d7cb96cb37fa72021-12-21 11:31:58.445root 11241100x8000000000000000538174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceae1b38d8edea692021-12-21 11:31:58.445root 11241100x8000000000000000538175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ea843e4e13e3842021-12-21 11:31:58.445root 11241100x8000000000000000538176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193eea12510c0ba42021-12-21 11:31:58.445root 11241100x8000000000000000538177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545c346ca706d45f2021-12-21 11:31:58.445root 11241100x8000000000000000538178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23d71e46c20f2872021-12-21 11:31:58.445root 11241100x8000000000000000538179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b35d75ddf1a00c12021-12-21 11:31:58.445root 11241100x8000000000000000538180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9ab545996f07762021-12-21 11:31:58.446root 11241100x8000000000000000538181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9f97ac3b80aeab2021-12-21 11:31:58.446root 11241100x8000000000000000538182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbc5c5660dc6eba2021-12-21 11:31:58.446root 11241100x8000000000000000538183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcde1c504a91d4c32021-12-21 11:31:58.446root 11241100x8000000000000000538184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f4e21471cf40ad2021-12-21 11:31:58.446root 11241100x8000000000000000538185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bf562e1ba086b52021-12-21 11:31:58.446root 11241100x8000000000000000538186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce0252510ed542d2021-12-21 11:31:58.447root 11241100x8000000000000000538187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec7de4115bd3ad42021-12-21 11:31:58.447root 11241100x8000000000000000538188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485f15e2c893453d2021-12-21 11:31:58.447root 11241100x8000000000000000538189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3320ebbcdf9a3142021-12-21 11:31:58.447root 11241100x8000000000000000538190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83164cc677ccca372021-12-21 11:31:58.447root 11241100x8000000000000000538191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e230f9e856e31c402021-12-21 11:31:58.447root 11241100x8000000000000000538192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e51096ea60bd202021-12-21 11:31:58.447root 11241100x8000000000000000538193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a08d621fbe9da92021-12-21 11:31:58.448root 11241100x8000000000000000538194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f602d0861739ef2021-12-21 11:31:58.448root 11241100x8000000000000000538195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fad55e62cbcd98f2021-12-21 11:31:58.448root 11241100x8000000000000000538196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b310a588f933cdf72021-12-21 11:31:58.448root 11241100x8000000000000000538197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee836d144cb3bb12021-12-21 11:31:58.448root 11241100x8000000000000000538198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f3f3d7ca2c3cac2021-12-21 11:31:58.448root 11241100x8000000000000000538199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bbe56fd3f812e32021-12-21 11:31:58.448root 11241100x8000000000000000538200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7af95dab925aae2021-12-21 11:31:58.943root 11241100x8000000000000000538201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15846b027643d48b2021-12-21 11:31:58.943root 11241100x8000000000000000538202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b70d719649d33002021-12-21 11:31:58.943root 11241100x8000000000000000538203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fa1ef92b8fc3072021-12-21 11:31:58.944root 11241100x8000000000000000538204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c25b63c5235ac012021-12-21 11:31:58.944root 11241100x8000000000000000538205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21113fcb17a6362d2021-12-21 11:31:58.944root 11241100x8000000000000000538206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0059228ac4bc74712021-12-21 11:31:58.944root 11241100x8000000000000000538207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df021960b721b7e52021-12-21 11:31:58.944root 11241100x8000000000000000538208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7222a956e90fc30b2021-12-21 11:31:58.944root 11241100x8000000000000000538209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80306a1d51781d9c2021-12-21 11:31:58.945root 11241100x8000000000000000538210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186d6872bf0eb6f82021-12-21 11:31:58.945root 11241100x8000000000000000538211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cff39ed67f6b84c2021-12-21 11:31:58.945root 11241100x8000000000000000538212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffddbee0b3ecbf342021-12-21 11:31:58.945root 11241100x8000000000000000538213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8f00c6936ef8f72021-12-21 11:31:58.945root 11241100x8000000000000000538214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead55c52284d19722021-12-21 11:31:58.946root 11241100x8000000000000000538215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7faf2a5d9a4b082021-12-21 11:31:58.946root 11241100x8000000000000000538216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e714f267fc09942021-12-21 11:31:58.946root 11241100x8000000000000000538217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3771828bba399bb22021-12-21 11:31:58.946root 11241100x8000000000000000538218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd964094666cb8d2021-12-21 11:31:58.946root 11241100x8000000000000000538219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab381bb91228ff6f2021-12-21 11:31:58.946root 11241100x8000000000000000538220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bfe05840da35f92021-12-21 11:31:58.946root 11241100x8000000000000000538221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2406efa87febc6e12021-12-21 11:31:58.947root 11241100x8000000000000000538222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e1ddf7b1425f422021-12-21 11:31:58.947root 11241100x8000000000000000538223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24989b2058a96d5a2021-12-21 11:31:58.947root 11241100x8000000000000000538224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03c5de537ad1abe2021-12-21 11:31:58.947root 11241100x8000000000000000538225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7af99a595c6cd62021-12-21 11:31:58.947root 11241100x8000000000000000538226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00392e23a94b6d012021-12-21 11:31:58.947root 354300x8000000000000000538227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.149{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48674-false10.0.1.12-8000- 11241100x8000000000000000538228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392397cf63e007af2021-12-21 11:31:59.443root 11241100x8000000000000000538229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79723c732d16c6d02021-12-21 11:31:59.444root 11241100x8000000000000000538230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2583b2d9dbec1bde2021-12-21 11:31:59.444root 11241100x8000000000000000538231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d309d62c7ca7da2021-12-21 11:31:59.444root 11241100x8000000000000000538232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583b7f2484222c5c2021-12-21 11:31:59.444root 11241100x8000000000000000538233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d6855a748215152021-12-21 11:31:59.444root 11241100x8000000000000000538234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c86637ac7b06fc42021-12-21 11:31:59.444root 11241100x8000000000000000538235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2878f2e0ad8fc7cc2021-12-21 11:31:59.444root 11241100x8000000000000000538236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071425edf5c071fd2021-12-21 11:31:59.444root 11241100x8000000000000000538237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7365d5dd7a1feb902021-12-21 11:31:59.444root 11241100x8000000000000000538238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbe9ba243bd40572021-12-21 11:31:59.444root 11241100x8000000000000000538239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e261a7b04a8eb4de2021-12-21 11:31:59.444root 11241100x8000000000000000538240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97a15a0acaab1762021-12-21 11:31:59.444root 11241100x8000000000000000538241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440d8da5b7408cfd2021-12-21 11:31:59.445root 11241100x8000000000000000538242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210474f67419122b2021-12-21 11:31:59.445root 11241100x8000000000000000538243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a75223c30ad94c2021-12-21 11:31:59.445root 11241100x8000000000000000538244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fd22826a7e04ba2021-12-21 11:31:59.445root 11241100x8000000000000000538245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02b5c268dc5a5c82021-12-21 11:31:59.445root 11241100x8000000000000000538246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2152353bd4819cf2021-12-21 11:31:59.445root 11241100x8000000000000000538247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c84079a91be21e2021-12-21 11:31:59.445root 11241100x8000000000000000538248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b910ce396eb7be2021-12-21 11:31:59.445root 11241100x8000000000000000538249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ea38a31f5966d72021-12-21 11:31:59.445root 11241100x8000000000000000538250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8d5057ee7464c62021-12-21 11:31:59.445root 11241100x8000000000000000538251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3450d731d40d1a2021-12-21 11:31:59.445root 11241100x8000000000000000538252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80f5e67975e9a2f2021-12-21 11:31:59.943root 11241100x8000000000000000538253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1783313b74da78e72021-12-21 11:31:59.943root 11241100x8000000000000000538254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5925d8eeb4236c32021-12-21 11:31:59.943root 11241100x8000000000000000538255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ec217e232ad7282021-12-21 11:31:59.943root 11241100x8000000000000000538256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a98d2d0ceebbbb12021-12-21 11:31:59.944root 11241100x8000000000000000538257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf39ad4d925409652021-12-21 11:31:59.944root 11241100x8000000000000000538258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3763541ab0dcfe0a2021-12-21 11:31:59.944root 11241100x8000000000000000538259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958cb275c395cece2021-12-21 11:31:59.944root 11241100x8000000000000000538260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5259b34a8a298a2021-12-21 11:31:59.944root 11241100x8000000000000000538261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7ad84f692f6f1a2021-12-21 11:31:59.944root 11241100x8000000000000000538262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc61991aa4c5c782021-12-21 11:31:59.944root 11241100x8000000000000000538263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e203fc86dedb09262021-12-21 11:31:59.944root 11241100x8000000000000000538264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22de84ffd562710f2021-12-21 11:31:59.944root 11241100x8000000000000000538265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5250cc053164b94b2021-12-21 11:31:59.944root 11241100x8000000000000000538266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8491a18584fa458b2021-12-21 11:31:59.944root 11241100x8000000000000000538267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916e2766b82d33e52021-12-21 11:31:59.944root 11241100x8000000000000000538268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4d69b4024f7ac22021-12-21 11:31:59.944root 11241100x8000000000000000538269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb14285730550fe2021-12-21 11:31:59.944root 11241100x8000000000000000538270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b98eac48d76e632021-12-21 11:31:59.944root 11241100x8000000000000000538271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80044d5856fe85922021-12-21 11:31:59.944root 11241100x8000000000000000538272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e06f56698755fe2021-12-21 11:31:59.945root 11241100x8000000000000000538273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3631af0560343d12021-12-21 11:31:59.945root 11241100x8000000000000000538274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70e8d2a74fbd3102021-12-21 11:31:59.945root 11241100x8000000000000000538275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1798f80efeba0c2021-12-21 11:31:59.945root 11241100x8000000000000000538276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a14f2234be2c8d2021-12-21 11:32:00.443root 11241100x8000000000000000538277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f244f05693d0422021-12-21 11:32:00.443root 11241100x8000000000000000538278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1b8c82ff0f05c72021-12-21 11:32:00.444root 11241100x8000000000000000538279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a98db1f7bcee8d2021-12-21 11:32:00.444root 11241100x8000000000000000538280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883787f9457ff3582021-12-21 11:32:00.444root 11241100x8000000000000000538281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b34080b075faad2021-12-21 11:32:00.444root 11241100x8000000000000000538282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a3dd094a936ce32021-12-21 11:32:00.444root 11241100x8000000000000000538283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63d9e681100e6e92021-12-21 11:32:00.444root 11241100x8000000000000000538284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618974440197fb0a2021-12-21 11:32:00.445root 11241100x8000000000000000538285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e2c05fa48b1c002021-12-21 11:32:00.445root 11241100x8000000000000000538286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d0759a7bbd76902021-12-21 11:32:00.445root 11241100x8000000000000000538287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa2327a60b0cf352021-12-21 11:32:00.445root 11241100x8000000000000000538288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af110b4c68584c2f2021-12-21 11:32:00.445root 11241100x8000000000000000538289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc053ce468e7515e2021-12-21 11:32:00.445root 11241100x8000000000000000538290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca19029cff1f67c92021-12-21 11:32:00.445root 11241100x8000000000000000538291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd40cce6bd3d62cc2021-12-21 11:32:00.445root 11241100x8000000000000000538292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047948c2415a87082021-12-21 11:32:00.445root 11241100x8000000000000000538293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e88d0387997faf72021-12-21 11:32:00.446root 11241100x8000000000000000538294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3e91ffb56266892021-12-21 11:32:00.446root 11241100x8000000000000000538295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d45b292a1f3b8a2021-12-21 11:32:00.446root 11241100x8000000000000000538296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6230b46dd1ee1bab2021-12-21 11:32:00.446root 11241100x8000000000000000538297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480b333e22f4bddc2021-12-21 11:32:00.446root 11241100x8000000000000000538298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c049d26562a2438e2021-12-21 11:32:00.447root 11241100x8000000000000000538299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf0d3f277b09b6e2021-12-21 11:32:00.447root 11241100x8000000000000000538300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4fb7ea76205d0f2021-12-21 11:32:00.943root 11241100x8000000000000000538301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48aef32f444635722021-12-21 11:32:00.943root 11241100x8000000000000000538302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb39b933094c17062021-12-21 11:32:00.943root 11241100x8000000000000000538303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8541c92cf3ec082021-12-21 11:32:00.943root 11241100x8000000000000000538304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2372f1646d8e132021-12-21 11:32:00.943root 11241100x8000000000000000538305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d346a61ce45be242021-12-21 11:32:00.943root 11241100x8000000000000000538306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f14477cfa6a38d2021-12-21 11:32:00.944root 11241100x8000000000000000538307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ed0472cc4d86292021-12-21 11:32:00.944root 11241100x8000000000000000538308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a803ea541e81ce062021-12-21 11:32:00.944root 11241100x8000000000000000538309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28def0bb01f386d42021-12-21 11:32:00.944root 11241100x8000000000000000538310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c0949a3872ec572021-12-21 11:32:00.944root 11241100x8000000000000000538311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee1e6c33e418a092021-12-21 11:32:00.944root 11241100x8000000000000000538312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff7c1f1c1d597862021-12-21 11:32:00.944root 11241100x8000000000000000538313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34d53babbb181b02021-12-21 11:32:00.944root 11241100x8000000000000000538314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fc916aa46637492021-12-21 11:32:00.944root 11241100x8000000000000000538315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5560c73ab54105f62021-12-21 11:32:00.944root 11241100x8000000000000000538316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde7d8c430aef1922021-12-21 11:32:00.945root 11241100x8000000000000000538317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b02607651a216312021-12-21 11:32:00.945root 11241100x8000000000000000538318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8dea6edfa2ea262021-12-21 11:32:00.945root 11241100x8000000000000000538319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df8e04cf9293e382021-12-21 11:32:00.945root 11241100x8000000000000000538320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e6a5472fe9bda82021-12-21 11:32:00.945root 11241100x8000000000000000538321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25eb5ca3e39bd4e92021-12-21 11:32:00.945root 11241100x8000000000000000538322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886e094740b270e32021-12-21 11:32:00.946root 11241100x8000000000000000538323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7d74becbb8ff432021-12-21 11:32:00.946root 11241100x8000000000000000538324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af6048cfe2a76b02021-12-21 11:32:00.946root 11241100x8000000000000000538325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b77f03ddbfa2782021-12-21 11:32:00.946root 11241100x8000000000000000538326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e415d37acaa57cd02021-12-21 11:32:00.946root 11241100x8000000000000000538327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdfb317956f2c132021-12-21 11:32:00.946root 11241100x8000000000000000538328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a82f439cee901902021-12-21 11:32:00.946root 11241100x8000000000000000538329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb1668d6ebb94a02021-12-21 11:32:00.947root 11241100x8000000000000000538330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08924b4d8b831b52021-12-21 11:32:00.947root 11241100x8000000000000000538331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765579e22df45eed2021-12-21 11:32:00.947root 11241100x8000000000000000538332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fea623ba7ad3c852021-12-21 11:32:00.948root 11241100x8000000000000000538333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7fda7b98c076f72021-12-21 11:32:00.948root 11241100x8000000000000000538334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ec340313abb1382021-12-21 11:32:00.948root 11241100x8000000000000000538335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9392a22222c7ade32021-12-21 11:32:00.948root 11241100x8000000000000000538336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a161d31aa8e83f2021-12-21 11:32:00.949root 11241100x8000000000000000538337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd5481851e90b852021-12-21 11:32:00.949root 11241100x8000000000000000538338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502b86c9c7a3cb682021-12-21 11:32:00.949root 11241100x8000000000000000538339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b21f96002e5f132021-12-21 11:32:01.443root 11241100x8000000000000000538340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab6e6a6eec09da12021-12-21 11:32:01.443root 11241100x8000000000000000538341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdba9867f6507f62021-12-21 11:32:01.443root 11241100x8000000000000000538342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde5060ca61519ca2021-12-21 11:32:01.443root 11241100x8000000000000000538343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a021146ba34cc9532021-12-21 11:32:01.444root 11241100x8000000000000000538344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a232dabd84d502af2021-12-21 11:32:01.444root 11241100x8000000000000000538345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e553ce5ff38042e62021-12-21 11:32:01.444root 11241100x8000000000000000538346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9155ec035f0fc5ed2021-12-21 11:32:01.444root 11241100x8000000000000000538347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6ca5f70e9648132021-12-21 11:32:01.444root 11241100x8000000000000000538348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edb74a8c6c989402021-12-21 11:32:01.444root 11241100x8000000000000000538349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988cf4d9399db75b2021-12-21 11:32:01.444root 11241100x8000000000000000538350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3147d21a5bf31a2021-12-21 11:32:01.444root 11241100x8000000000000000538351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bf965f479c08572021-12-21 11:32:01.444root 11241100x8000000000000000538352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146f6455b7ef830b2021-12-21 11:32:01.444root 11241100x8000000000000000538353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79b41de771f60652021-12-21 11:32:01.444root 11241100x8000000000000000538354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79678efb5b54add2021-12-21 11:32:01.445root 11241100x8000000000000000538355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab61950dfb474342021-12-21 11:32:01.445root 11241100x8000000000000000538356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a9e6fff98b49bd2021-12-21 11:32:01.445root 11241100x8000000000000000538357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0917a7af05135452021-12-21 11:32:01.445root 11241100x8000000000000000538358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde960fa2fef80d62021-12-21 11:32:01.445root 11241100x8000000000000000538359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b9aec100b0ea362021-12-21 11:32:01.445root 11241100x8000000000000000538360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b400d2072cef5c52021-12-21 11:32:01.445root 11241100x8000000000000000538361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b5b9aab77cb2052021-12-21 11:32:01.445root 11241100x8000000000000000538362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c214e966287ea22021-12-21 11:32:01.445root 11241100x8000000000000000538363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498e99ac3b25dc5f2021-12-21 11:32:01.943root 11241100x8000000000000000538364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1255b6250aac4e7c2021-12-21 11:32:01.943root 11241100x8000000000000000538365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6293dac812960f32021-12-21 11:32:01.943root 11241100x8000000000000000538366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33dae6bd155f7db2021-12-21 11:32:01.943root 11241100x8000000000000000538367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b57d8ba7d2e34e82021-12-21 11:32:01.944root 11241100x8000000000000000538368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3beef241b406bf3f2021-12-21 11:32:01.944root 11241100x8000000000000000538369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d069e7ddb68f362021-12-21 11:32:01.944root 11241100x8000000000000000538370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cbf1df83cb3b112021-12-21 11:32:01.944root 11241100x8000000000000000538371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d201b3ee8bfad32021-12-21 11:32:01.944root 11241100x8000000000000000538372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf7ae6d9dfc3bfb2021-12-21 11:32:01.944root 11241100x8000000000000000538373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75998557eea08292021-12-21 11:32:01.944root 11241100x8000000000000000538374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8dbf008d9045e22021-12-21 11:32:01.944root 11241100x8000000000000000538375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a91e458499e4aa92021-12-21 11:32:01.944root 11241100x8000000000000000538376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d39df6d40e6ceb12021-12-21 11:32:01.945root 11241100x8000000000000000538377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82c9bb1c1022ade2021-12-21 11:32:01.945root 11241100x8000000000000000538378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb81a6e5ec0ee4ba2021-12-21 11:32:01.945root 11241100x8000000000000000538379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3debf04a8223c752021-12-21 11:32:01.945root 11241100x8000000000000000538380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d25439d489085d2021-12-21 11:32:01.945root 11241100x8000000000000000538381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a4596941d22a3e2021-12-21 11:32:01.945root 11241100x8000000000000000538382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e0fc877d1c90482021-12-21 11:32:01.945root 11241100x8000000000000000538383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8def485c2dfc73002021-12-21 11:32:01.945root 11241100x8000000000000000538384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a38f2c474df3892021-12-21 11:32:01.945root 11241100x8000000000000000538385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea90a925be6c62e2021-12-21 11:32:01.945root 11241100x8000000000000000538386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f56bff6df896d2d2021-12-21 11:32:01.945root 11241100x8000000000000000538387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc3185d3d76a3fa2021-12-21 11:32:02.443root 11241100x8000000000000000538388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34afb67bbd824972021-12-21 11:32:02.443root 11241100x8000000000000000538389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b33875535c4d8102021-12-21 11:32:02.443root 11241100x8000000000000000538390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4cf4d6b607256c2021-12-21 11:32:02.444root 11241100x8000000000000000538391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8fd4e0b780437e2021-12-21 11:32:02.444root 11241100x8000000000000000538392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a881e2febba3b562021-12-21 11:32:02.444root 11241100x8000000000000000538393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9147637bc9f8da2021-12-21 11:32:02.444root 11241100x8000000000000000538394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9099a2b07faa00222021-12-21 11:32:02.444root 11241100x8000000000000000538395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced5fcb9ec90cd782021-12-21 11:32:02.444root 11241100x8000000000000000538396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e6350280b7526d2021-12-21 11:32:02.444root 11241100x8000000000000000538397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90b9f3e65afd3e92021-12-21 11:32:02.445root 11241100x8000000000000000538398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a4d5c7173266c42021-12-21 11:32:02.445root 11241100x8000000000000000538399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4aecb7778a060da2021-12-21 11:32:02.445root 11241100x8000000000000000538400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f6f813d7d9be832021-12-21 11:32:02.445root 11241100x8000000000000000538401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3299039072812af2021-12-21 11:32:02.445root 11241100x8000000000000000538402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dda91fd973e34ae2021-12-21 11:32:02.445root 11241100x8000000000000000538403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280ae3c50cbebc602021-12-21 11:32:02.445root 11241100x8000000000000000538404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22b1711e1ea05782021-12-21 11:32:02.445root 11241100x8000000000000000538405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4062aca369e04d2021-12-21 11:32:02.445root 11241100x8000000000000000538406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe24e6897fcea672021-12-21 11:32:02.445root 11241100x8000000000000000538407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a78f5f80a065d42021-12-21 11:32:02.446root 11241100x8000000000000000538408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089272a5fd8093ab2021-12-21 11:32:02.446root 11241100x8000000000000000538409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd463a413ce226f52021-12-21 11:32:02.446root 11241100x8000000000000000538410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e7d8f5bbd219132021-12-21 11:32:02.446root 11241100x8000000000000000538411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbb363532a061012021-12-21 11:32:02.446root 11241100x8000000000000000538412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd0a8836c2339f42021-12-21 11:32:02.446root 11241100x8000000000000000538413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c67d69dbf1e04a2021-12-21 11:32:02.446root 11241100x8000000000000000538414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db559ddd61b23192021-12-21 11:32:02.446root 11241100x8000000000000000538415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ddbc92c12ec2d42021-12-21 11:32:02.943root 11241100x8000000000000000538416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d139840f4fb9836f2021-12-21 11:32:02.943root 11241100x8000000000000000538417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e3b1f0effe8deb2021-12-21 11:32:02.943root 11241100x8000000000000000538418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf73e60c3fe50ed22021-12-21 11:32:02.943root 11241100x8000000000000000538419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06b447e63708a042021-12-21 11:32:02.943root 11241100x8000000000000000538420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7df98bc9e0569832021-12-21 11:32:02.943root 11241100x8000000000000000538421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdbe62ff39e12b82021-12-21 11:32:02.943root 11241100x8000000000000000538422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a941a3ab8a5fbb9c2021-12-21 11:32:02.943root 11241100x8000000000000000538423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fb1b1346207ccb2021-12-21 11:32:02.944root 11241100x8000000000000000538424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbce382656d670b12021-12-21 11:32:02.944root 11241100x8000000000000000538425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f5f6d0cdcd303d2021-12-21 11:32:02.944root 11241100x8000000000000000538426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8bb27c4adefd6e2021-12-21 11:32:02.944root 11241100x8000000000000000538427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816e7b1c750bba702021-12-21 11:32:02.944root 11241100x8000000000000000538428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824c4bd182bf295b2021-12-21 11:32:02.944root 11241100x8000000000000000538429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7917efd8318293782021-12-21 11:32:02.944root 11241100x8000000000000000538430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911437a5bfba4b7c2021-12-21 11:32:02.944root 11241100x8000000000000000538431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca470ae8f46e55272021-12-21 11:32:02.944root 11241100x8000000000000000538432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c7eef33b0432ce2021-12-21 11:32:02.944root 11241100x8000000000000000538433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd70f65c66281c292021-12-21 11:32:02.945root 11241100x8000000000000000538434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967c1b7b2ee0d0fd2021-12-21 11:32:02.945root 11241100x8000000000000000538435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b09c427555086942021-12-21 11:32:02.945root 11241100x8000000000000000538436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a8360b0068d1f82021-12-21 11:32:02.945root 11241100x8000000000000000538437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834524cce15ea7d22021-12-21 11:32:02.945root 11241100x8000000000000000538438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9212534f663aa72021-12-21 11:32:02.945root 11241100x8000000000000000538439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef3cd40f14a1cbb2021-12-21 11:32:02.946root 11241100x8000000000000000538440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc018aec0cbc1ab2021-12-21 11:32:02.946root 11241100x8000000000000000538441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc225e319651d4fe2021-12-21 11:32:02.946root 11241100x8000000000000000538442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb901c22877317a2021-12-21 11:32:02.946root 11241100x8000000000000000538443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37aaf6ba31a5e96b2021-12-21 11:32:02.946root 11241100x8000000000000000538444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d833922b861963a2021-12-21 11:32:02.946root 11241100x8000000000000000538445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3955259512fcce2021-12-21 11:32:02.946root 11241100x8000000000000000538446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a57666ebd300c232021-12-21 11:32:02.946root 11241100x8000000000000000538447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f600bcb111210cbc2021-12-21 11:32:02.946root 11241100x8000000000000000538448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9300fbb9672456fc2021-12-21 11:32:02.946root 11241100x8000000000000000538449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb340cd2515132b82021-12-21 11:32:02.946root 11241100x8000000000000000538450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7403ef9958c28b532021-12-21 11:32:02.947root 11241100x8000000000000000538451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e2a104c7a920632021-12-21 11:32:02.947root 11241100x8000000000000000538452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757d52ef975c2cd92021-12-21 11:32:02.947root 11241100x8000000000000000538453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7d54f282ed51352021-12-21 11:32:02.947root 11241100x8000000000000000538454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648d828a5ebced9c2021-12-21 11:32:02.947root 11241100x8000000000000000538455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e006eeb903d5d8612021-12-21 11:32:02.947root 11241100x8000000000000000538456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a78f3d7136facb52021-12-21 11:32:02.947root 11241100x8000000000000000538457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342caa69c902ba3f2021-12-21 11:32:03.443root 11241100x8000000000000000538458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6f7c87587a6acd2021-12-21 11:32:03.443root 11241100x8000000000000000538459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29efcd6bec83107f2021-12-21 11:32:03.443root 11241100x8000000000000000538460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc73415a50cf2a452021-12-21 11:32:03.443root 11241100x8000000000000000538461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53923a4f804b4e252021-12-21 11:32:03.444root 11241100x8000000000000000538462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba764a25f1fcd68c2021-12-21 11:32:03.444root 11241100x8000000000000000538463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8218c2fc858d9ed2021-12-21 11:32:03.444root 11241100x8000000000000000538464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9215716542ed90f32021-12-21 11:32:03.444root 11241100x8000000000000000538465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b62d470502b5cd52021-12-21 11:32:03.444root 11241100x8000000000000000538466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39739638c9acc73c2021-12-21 11:32:03.444root 11241100x8000000000000000538467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195f8a1a26c260d22021-12-21 11:32:03.444root 11241100x8000000000000000538468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525e63570ce5a0af2021-12-21 11:32:03.444root 11241100x8000000000000000538469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824ae9bbd11b0da02021-12-21 11:32:03.444root 11241100x8000000000000000538470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3ab8dd30d6b4d52021-12-21 11:32:03.444root 11241100x8000000000000000538471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92a77301046accc2021-12-21 11:32:03.444root 11241100x8000000000000000538472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c905532f4b44f852021-12-21 11:32:03.444root 11241100x8000000000000000538473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1496893dc4c6432021-12-21 11:32:03.444root 11241100x8000000000000000538474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cb80598c43b62a2021-12-21 11:32:03.444root 11241100x8000000000000000538475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67454b49aab5bf5b2021-12-21 11:32:03.444root 11241100x8000000000000000538476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ebee49227977a42021-12-21 11:32:03.444root 11241100x8000000000000000538477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9684b44adb1a12842021-12-21 11:32:03.445root 11241100x8000000000000000538478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49e46d6963fb4b12021-12-21 11:32:03.445root 11241100x8000000000000000538479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7477a56c487df0e82021-12-21 11:32:03.445root 11241100x8000000000000000538480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37443eb0d47ff9512021-12-21 11:32:03.445root 11241100x8000000000000000538481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2df790e28980822021-12-21 11:32:03.943root 11241100x8000000000000000538482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8e77054cbce84d2021-12-21 11:32:03.943root 11241100x8000000000000000538483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae8e100d0da75192021-12-21 11:32:03.943root 11241100x8000000000000000538484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba84fc067d8ed7ff2021-12-21 11:32:03.943root 11241100x8000000000000000538485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba753abce1006652021-12-21 11:32:03.943root 11241100x8000000000000000538486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae97f93f1c223f4b2021-12-21 11:32:03.943root 11241100x8000000000000000538487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f7915dac55a9e62021-12-21 11:32:03.943root 11241100x8000000000000000538488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb326366657249d2021-12-21 11:32:03.944root 11241100x8000000000000000538489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978f6f32a1dd62872021-12-21 11:32:03.944root 11241100x8000000000000000538490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a64f73e1b2400b2021-12-21 11:32:03.944root 11241100x8000000000000000538491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97351704f26f4652021-12-21 11:32:03.944root 11241100x8000000000000000538492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2152db21508ecda2021-12-21 11:32:03.944root 11241100x8000000000000000538493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb61e269533a5d612021-12-21 11:32:03.944root 11241100x8000000000000000538494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e7d844bb875d492021-12-21 11:32:03.944root 11241100x8000000000000000538495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205988ed031656cd2021-12-21 11:32:03.944root 11241100x8000000000000000538496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a15d8d9072fc1ea2021-12-21 11:32:03.944root 11241100x8000000000000000538497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df24597c3149b0b12021-12-21 11:32:03.944root 11241100x8000000000000000538498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1e934bd7e6237f2021-12-21 11:32:03.944root 11241100x8000000000000000538499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ca6519f7fd007a2021-12-21 11:32:03.945root 11241100x8000000000000000538500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2b523b7b8950392021-12-21 11:32:03.945root 11241100x8000000000000000538501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e6f7e52ab7255a2021-12-21 11:32:03.945root 11241100x8000000000000000538502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552fc2b6b133607d2021-12-21 11:32:03.945root 11241100x8000000000000000538503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdc7d94af7a15322021-12-21 11:32:03.945root 11241100x8000000000000000538504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084a7460aaa8d7322021-12-21 11:32:03.945root 11241100x8000000000000000538505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b25aa5f2509c4e52021-12-21 11:32:03.945root 11241100x8000000000000000538506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d88cc5071202232021-12-21 11:32:03.945root 11241100x8000000000000000538507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130e7ab23d40d3ec2021-12-21 11:32:03.945root 11241100x8000000000000000538508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c03a42894bc440f2021-12-21 11:32:03.945root 11241100x8000000000000000538509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cdcbc3200440c5f2021-12-21 11:32:03.946root 354300x8000000000000000538510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.256{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48676-false10.0.1.12-8000- 11241100x8000000000000000538511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a77cee2cf07d2d2021-12-21 11:32:04.257root 11241100x8000000000000000538512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31723e4f32aa9ce02021-12-21 11:32:04.257root 11241100x8000000000000000538513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cad7e61e4c80ff2021-12-21 11:32:04.257root 11241100x8000000000000000538514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78aed478d546174e2021-12-21 11:32:04.257root 11241100x8000000000000000538515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d22ea0c409dfb7f2021-12-21 11:32:04.257root 11241100x8000000000000000538516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1241d62eb775e3382021-12-21 11:32:04.257root 11241100x8000000000000000538517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338817e526896eeb2021-12-21 11:32:04.257root 11241100x8000000000000000538518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30e219205f0f97f2021-12-21 11:32:04.258root 11241100x8000000000000000538519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df605d7f47ff1ec2021-12-21 11:32:04.258root 11241100x8000000000000000538520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48355fd4845799f62021-12-21 11:32:04.258root 11241100x8000000000000000538521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6311ab86c2df7f232021-12-21 11:32:04.258root 11241100x8000000000000000538522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2e67ca22bb3b322021-12-21 11:32:04.258root 11241100x8000000000000000538523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e65779f93a7db12021-12-21 11:32:04.258root 11241100x8000000000000000538524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d21c0d653a8b4852021-12-21 11:32:04.258root 11241100x8000000000000000538525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3c5eee58750b3a2021-12-21 11:32:04.258root 11241100x8000000000000000538526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee49a1b10178a0a52021-12-21 11:32:04.259root 11241100x8000000000000000538527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb24c2e4500d1952021-12-21 11:32:04.259root 11241100x8000000000000000538528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef031f9a92791eda2021-12-21 11:32:04.259root 11241100x8000000000000000538529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49c2c25ac585b102021-12-21 11:32:04.259root 11241100x8000000000000000538530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a959cee86304182021-12-21 11:32:04.259root 11241100x8000000000000000538531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea18f773c63527442021-12-21 11:32:04.259root 11241100x8000000000000000538532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaaa049dc18b90df2021-12-21 11:32:04.259root 11241100x8000000000000000538533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a09caf7cd9f5e372021-12-21 11:32:04.259root 11241100x8000000000000000538534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecf3b974f4569b52021-12-21 11:32:04.260root 11241100x8000000000000000538535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227f90d876a8a4da2021-12-21 11:32:04.260root 11241100x8000000000000000538536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c192717248422a2021-12-21 11:32:04.260root 11241100x8000000000000000538537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496bf0d78cb590d12021-12-21 11:32:04.260root 11241100x8000000000000000538538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e61911148bc0fc72021-12-21 11:32:04.260root 11241100x8000000000000000538539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc495c0ababfaf682021-12-21 11:32:04.260root 11241100x8000000000000000538540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ba0ac901b50e912021-12-21 11:32:04.260root 11241100x8000000000000000538541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75c2534071ecc5b2021-12-21 11:32:04.260root 11241100x8000000000000000538542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fd96f98fe1042c2021-12-21 11:32:04.260root 11241100x8000000000000000538543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a724cb6ebf716d702021-12-21 11:32:04.260root 11241100x8000000000000000538544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa44b1c9edd1dc12021-12-21 11:32:04.260root 11241100x8000000000000000538545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72aaf53dbfc1acd2021-12-21 11:32:04.261root 11241100x8000000000000000538546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4a705a73d5c3132021-12-21 11:32:04.261root 11241100x8000000000000000538547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5828535904ad18112021-12-21 11:32:04.261root 11241100x8000000000000000538548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38782b5477c507442021-12-21 11:32:04.261root 11241100x8000000000000000538549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3dd0018700121752021-12-21 11:32:04.261root 11241100x8000000000000000538550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0109ed101a4314a2021-12-21 11:32:04.261root 11241100x8000000000000000538551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ced58581267e8c2021-12-21 11:32:04.261root 11241100x8000000000000000538552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8586d1187f61cad92021-12-21 11:32:04.693root 11241100x8000000000000000538553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8528bfbddafb2c82021-12-21 11:32:04.693root 11241100x8000000000000000538554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec189ff7829c94f02021-12-21 11:32:04.693root 11241100x8000000000000000538555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca677ac63e3c9a72021-12-21 11:32:04.693root 11241100x8000000000000000538556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8da6566e120ff8a2021-12-21 11:32:04.693root 11241100x8000000000000000538557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce916876b697af7e2021-12-21 11:32:04.693root 11241100x8000000000000000538558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66dedf21f6b7413b2021-12-21 11:32:04.694root 11241100x8000000000000000538559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390a90ab50c949432021-12-21 11:32:04.694root 11241100x8000000000000000538560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28c6c2c79b0e97b2021-12-21 11:32:04.694root 11241100x8000000000000000538561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8deaab01828fc52c2021-12-21 11:32:04.694root 11241100x8000000000000000538562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b899e9034083c02021-12-21 11:32:04.694root 11241100x8000000000000000538563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8290487c5c2c4a2021-12-21 11:32:04.694root 11241100x8000000000000000538564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd077b80668a4fa62021-12-21 11:32:04.695root 11241100x8000000000000000538565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ef9a1f63bf14cd2021-12-21 11:32:04.695root 11241100x8000000000000000538566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97242306594edc232021-12-21 11:32:04.695root 11241100x8000000000000000538567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78128c731853e1f2021-12-21 11:32:04.695root 11241100x8000000000000000538568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8cee83216a00772021-12-21 11:32:04.695root 11241100x8000000000000000538569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f81bae241c4876f2021-12-21 11:32:04.696root 11241100x8000000000000000538570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc54f03d0928b9732021-12-21 11:32:04.696root 11241100x8000000000000000538571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d60328c4da3925b2021-12-21 11:32:04.696root 11241100x8000000000000000538572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1e1769846087112021-12-21 11:32:04.696root 11241100x8000000000000000538573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd578fbf6c4f7222021-12-21 11:32:04.696root 11241100x8000000000000000538574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62d5f9f516de7d42021-12-21 11:32:04.696root 11241100x8000000000000000538575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19e2cf376ea63142021-12-21 11:32:04.696root 11241100x8000000000000000538576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83990ff3d8a1c5062021-12-21 11:32:04.697root 11241100x8000000000000000538577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ee1152f4b7ec732021-12-21 11:32:05.193root 11241100x8000000000000000538578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db5412f92c8fc0f2021-12-21 11:32:05.194root 11241100x8000000000000000538579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7341c24b88a9efc52021-12-21 11:32:05.194root 11241100x8000000000000000538580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfdf6bc60f17c782021-12-21 11:32:05.194root 11241100x8000000000000000538581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7e04f21d7695cb2021-12-21 11:32:05.194root 11241100x8000000000000000538582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301e83ec012b71662021-12-21 11:32:05.194root 11241100x8000000000000000538583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afc850c9a5c84352021-12-21 11:32:05.194root 11241100x8000000000000000538584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2d091848ae41022021-12-21 11:32:05.194root 11241100x8000000000000000538585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfee386acdec97c2021-12-21 11:32:05.194root 11241100x8000000000000000538586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7267b8875ec33482021-12-21 11:32:05.194root 11241100x8000000000000000538587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b55b0ef6ff3e1bf2021-12-21 11:32:05.194root 11241100x8000000000000000538588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42ddac6d051a9512021-12-21 11:32:05.195root 11241100x8000000000000000538589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6910bba4a219782021-12-21 11:32:05.195root 11241100x8000000000000000538590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b771ff623a968af92021-12-21 11:32:05.195root 11241100x8000000000000000538591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8551676176bfcf2021-12-21 11:32:05.195root 11241100x8000000000000000538592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b778120068ba7c2021-12-21 11:32:05.195root 11241100x8000000000000000538593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492beeddbd69859d2021-12-21 11:32:05.195root 11241100x8000000000000000538594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6315daa517036b32021-12-21 11:32:05.195root 11241100x8000000000000000538595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5459da2b22c431c62021-12-21 11:32:05.195root 11241100x8000000000000000538596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09262a9f3b5ca232021-12-21 11:32:05.196root 11241100x8000000000000000538597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2ac51451ae95742021-12-21 11:32:05.196root 11241100x8000000000000000538598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc7b4e90f5c619b2021-12-21 11:32:05.196root 11241100x8000000000000000538599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dfc5d625d052b22021-12-21 11:32:05.196root 11241100x8000000000000000538600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53431daa4d457bb2021-12-21 11:32:05.196root 11241100x8000000000000000538601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bcfccffc9a45e82021-12-21 11:32:05.196root 11241100x8000000000000000538602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7deaee44ae37dd512021-12-21 11:32:05.693root 11241100x8000000000000000538603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca146e0d5bddb002021-12-21 11:32:05.693root 11241100x8000000000000000538604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103253e287df87932021-12-21 11:32:05.693root 11241100x8000000000000000538605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f87a877a5f90aaf2021-12-21 11:32:05.693root 11241100x8000000000000000538606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedc7df52226ac492021-12-21 11:32:05.693root 11241100x8000000000000000538607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e240d3c53ce1b22021-12-21 11:32:05.693root 11241100x8000000000000000538608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e62c53115b15702021-12-21 11:32:05.693root 11241100x8000000000000000538609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f35d6e22fbc7f82021-12-21 11:32:05.694root 11241100x8000000000000000538610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6631742e25dd7f392021-12-21 11:32:05.694root 11241100x8000000000000000538611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fb6606c172129d2021-12-21 11:32:05.694root 11241100x8000000000000000538612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb77c79c4daa96362021-12-21 11:32:05.694root 11241100x8000000000000000538613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077cd332f67573f42021-12-21 11:32:05.694root 11241100x8000000000000000538614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5408abf45e331b552021-12-21 11:32:05.694root 11241100x8000000000000000538615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a560f96037873e402021-12-21 11:32:05.694root 11241100x8000000000000000538616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128bc29b159fc65c2021-12-21 11:32:05.694root 11241100x8000000000000000538617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0bf4f852347d842021-12-21 11:32:05.694root 11241100x8000000000000000538618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1effe54a6d0f7a602021-12-21 11:32:05.694root 11241100x8000000000000000538619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ae538bc79283c52021-12-21 11:32:05.694root 11241100x8000000000000000538620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b95398b13bcbf62021-12-21 11:32:05.695root 11241100x8000000000000000538621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80dcfa5e2de910a52021-12-21 11:32:05.695root 11241100x8000000000000000538622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab845cc080ac659e2021-12-21 11:32:05.695root 11241100x8000000000000000538623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1c8b58f0bbce282021-12-21 11:32:05.695root 11241100x8000000000000000538624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8d511691c9e2dc2021-12-21 11:32:05.696root 11241100x8000000000000000538625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d184dbe020b9502021-12-21 11:32:05.696root 11241100x8000000000000000538626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5486ced1a60f26d62021-12-21 11:32:05.696root 11241100x8000000000000000538627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9cd5a6264a0fb72021-12-21 11:32:05.696root 11241100x8000000000000000538628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21219855d6af8ba82021-12-21 11:32:05.696root 11241100x8000000000000000538629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fef736d30e769e2021-12-21 11:32:05.696root 11241100x8000000000000000538630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5901a23b13c00e42021-12-21 11:32:05.696root 11241100x8000000000000000538631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657e7acd782604862021-12-21 11:32:05.696root 11241100x8000000000000000538632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fed578401c993962021-12-21 11:32:05.696root 11241100x8000000000000000538633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1694c282cf074c942021-12-21 11:32:05.697root 11241100x8000000000000000538634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57b5ea54a9bca502021-12-21 11:32:05.697root 11241100x8000000000000000538635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0993aaa085c64e772021-12-21 11:32:05.697root 11241100x8000000000000000538636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60abd83e619fc8462021-12-21 11:32:05.697root 11241100x8000000000000000538637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a189e574cb9b722021-12-21 11:32:05.697root 11241100x8000000000000000538638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42091db62b84919d2021-12-21 11:32:05.697root 11241100x8000000000000000538639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc82511a382d3cbc2021-12-21 11:32:05.698root 11241100x8000000000000000538640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b5f43e4d0118742021-12-21 11:32:05.698root 11241100x8000000000000000538641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a8dd3d218261242021-12-21 11:32:05.698root 11241100x8000000000000000538642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c07e46d77589852021-12-21 11:32:05.698root 11241100x8000000000000000538643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffa10c0779f65472021-12-21 11:32:05.698root 11241100x8000000000000000538644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b430e93e558268782021-12-21 11:32:05.698root 11241100x8000000000000000538645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad55fa9ab3b6e582021-12-21 11:32:06.192root 11241100x8000000000000000538646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47de3513e458aa1e2021-12-21 11:32:06.193root 11241100x8000000000000000538647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936680a0a8914d712021-12-21 11:32:06.193root 11241100x8000000000000000538648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fe9793ea36630e2021-12-21 11:32:06.193root 11241100x8000000000000000538649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee592f09da4e5ede2021-12-21 11:32:06.194root 11241100x8000000000000000538650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e53b76d2cfe16ea2021-12-21 11:32:06.194root 11241100x8000000000000000538651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c5a192798cfd632021-12-21 11:32:06.194root 11241100x8000000000000000538652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cf311c7575cf442021-12-21 11:32:06.194root 11241100x8000000000000000538653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928b90fc5f801d322021-12-21 11:32:06.195root 11241100x8000000000000000538654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bc0b4779fefbec2021-12-21 11:32:06.195root 11241100x8000000000000000538655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc417586cb13a8a2021-12-21 11:32:06.195root 11241100x8000000000000000538656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991263915e748d5e2021-12-21 11:32:06.195root 11241100x8000000000000000538657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f37204135109da2021-12-21 11:32:06.195root 11241100x8000000000000000538658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b874dbd795048fe2021-12-21 11:32:06.195root 11241100x8000000000000000538659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d9f2e89a19ac842021-12-21 11:32:06.195root 11241100x8000000000000000538660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9784ad0d49d7ea532021-12-21 11:32:06.195root 11241100x8000000000000000538661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a690731e6e8f5c2021-12-21 11:32:06.196root 11241100x8000000000000000538662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d2329f14fadfad2021-12-21 11:32:06.196root 11241100x8000000000000000538663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01ddca09477f3162021-12-21 11:32:06.196root 11241100x8000000000000000538664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648b36d8cdb5a8392021-12-21 11:32:06.196root 11241100x8000000000000000538665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808bb030082f581c2021-12-21 11:32:06.196root 11241100x8000000000000000538666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7364bc17b0dff82021-12-21 11:32:06.198root 11241100x8000000000000000538667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ccc1c9144434f72021-12-21 11:32:06.198root 11241100x8000000000000000538668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5300232d789cbd9a2021-12-21 11:32:06.198root 11241100x8000000000000000538669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c5ee2168dd21ed2021-12-21 11:32:06.199root 11241100x8000000000000000538670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06df93224bcaa84f2021-12-21 11:32:06.200root 11241100x8000000000000000538671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecec7bf1c0e848d2021-12-21 11:32:06.200root 11241100x8000000000000000538672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16fce92fb61dc7a2021-12-21 11:32:06.200root 11241100x8000000000000000538673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfee005d54d0d992021-12-21 11:32:06.201root 11241100x8000000000000000538674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9d73114ef0dbc52021-12-21 11:32:06.201root 11241100x8000000000000000538675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722d6c573c9d47962021-12-21 11:32:06.202root 11241100x8000000000000000538676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fb793bb032c5cd2021-12-21 11:32:06.203root 11241100x8000000000000000538677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.326{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:32:06.326root 11241100x8000000000000000538678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95351b04ff738fdf2021-12-21 11:32:06.693root 11241100x8000000000000000538679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a946d47b61c12b442021-12-21 11:32:06.693root 11241100x8000000000000000538680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba21218e2c3dd232021-12-21 11:32:06.693root 11241100x8000000000000000538681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f777e8fa1dedf72021-12-21 11:32:06.693root 11241100x8000000000000000538682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c476881120d1c0ed2021-12-21 11:32:06.693root 11241100x8000000000000000538683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35779678bf01d4262021-12-21 11:32:06.694root 11241100x8000000000000000538684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8b885df835b1342021-12-21 11:32:06.694root 11241100x8000000000000000538685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69eb43e60ed7c7a12021-12-21 11:32:06.694root 11241100x8000000000000000538686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92049e0b49e1ccb2021-12-21 11:32:06.694root 11241100x8000000000000000538687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fb45b4553a197f2021-12-21 11:32:06.694root 11241100x8000000000000000538688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f02d8dde06c03af2021-12-21 11:32:06.694root 11241100x8000000000000000538689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda288c38a7f4ec12021-12-21 11:32:06.694root 11241100x8000000000000000538690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1273a07dbeaf95482021-12-21 11:32:06.694root 11241100x8000000000000000538691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eaba97a922adf4d2021-12-21 11:32:06.694root 11241100x8000000000000000538692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824a825763766ce32021-12-21 11:32:06.694root 11241100x8000000000000000538693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2373d55da838dfa2021-12-21 11:32:06.694root 11241100x8000000000000000538694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98a68cd06a541922021-12-21 11:32:06.694root 11241100x8000000000000000538695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6f899e169559ad2021-12-21 11:32:06.694root 11241100x8000000000000000538696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0f79e2b2283a712021-12-21 11:32:06.694root 11241100x8000000000000000538697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e218b61c948c3e2021-12-21 11:32:06.694root 11241100x8000000000000000538698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15316c23b3f328f42021-12-21 11:32:06.695root 11241100x8000000000000000538699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8a8fa9187b6a8c2021-12-21 11:32:06.695root 11241100x8000000000000000538700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8494eb8c20a406a92021-12-21 11:32:06.695root 11241100x8000000000000000538701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e2e3775bb257682021-12-21 11:32:06.695root 11241100x8000000000000000538702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd0eb889725a3522021-12-21 11:32:06.695root 11241100x8000000000000000538703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b725e6c6cf1c66c2021-12-21 11:32:06.695root 11241100x8000000000000000538704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258245193e3ad53b2021-12-21 11:32:06.695root 11241100x8000000000000000538705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dceac64fb82634082021-12-21 11:32:06.695root 11241100x8000000000000000538706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20845af2d7eed6f42021-12-21 11:32:06.695root 11241100x8000000000000000538707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5980be2afd253012021-12-21 11:32:06.696root 11241100x8000000000000000538708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271a7bf5f853c2de2021-12-21 11:32:06.696root 11241100x8000000000000000538709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef3f36dd519d85f2021-12-21 11:32:06.697root 11241100x8000000000000000538710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e98aa3081cbb2e2021-12-21 11:32:06.697root 11241100x8000000000000000538711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8964cfcbd0dd301e2021-12-21 11:32:07.193root 11241100x8000000000000000538712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93879d02ac7e319d2021-12-21 11:32:07.193root 11241100x8000000000000000538713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e82eaf13ddfc8da2021-12-21 11:32:07.193root 11241100x8000000000000000538714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529695ba030e2f3b2021-12-21 11:32:07.193root 11241100x8000000000000000538715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8abe0e3bb104aa2021-12-21 11:32:07.193root 11241100x8000000000000000538716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7e163ea4a820c62021-12-21 11:32:07.193root 11241100x8000000000000000538717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4cb8cffa99e8e72021-12-21 11:32:07.193root 11241100x8000000000000000538718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26248863d220f2572021-12-21 11:32:07.194root 11241100x8000000000000000538719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c123e7ecea028502021-12-21 11:32:07.194root 11241100x8000000000000000538720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82afa7d9b2d791242021-12-21 11:32:07.194root 11241100x8000000000000000538721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b29f74e5b314432021-12-21 11:32:07.194root 11241100x8000000000000000538722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b0776010a6c3ab2021-12-21 11:32:07.194root 11241100x8000000000000000538723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbea3b74ffcd93382021-12-21 11:32:07.194root 11241100x8000000000000000538724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58eeb7b2c806cd4e2021-12-21 11:32:07.194root 11241100x8000000000000000538725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af8cf673a73185f2021-12-21 11:32:07.194root 11241100x8000000000000000538726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f57d3c02ab73d42021-12-21 11:32:07.194root 11241100x8000000000000000538727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717d670f57568b542021-12-21 11:32:07.194root 11241100x8000000000000000538728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0c486aa71be5c12021-12-21 11:32:07.194root 11241100x8000000000000000538729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca54221dfc8b9b8f2021-12-21 11:32:07.194root 11241100x8000000000000000538730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c68ba94e9470942021-12-21 11:32:07.194root 11241100x8000000000000000538731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e02362848a574612021-12-21 11:32:07.195root 11241100x8000000000000000538732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcb85d723938f6b2021-12-21 11:32:07.195root 11241100x8000000000000000538733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c99b85c889292c52021-12-21 11:32:07.195root 11241100x8000000000000000538734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e5fc4a91f757bb2021-12-21 11:32:07.195root 11241100x8000000000000000538735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825ff3594e4e750c2021-12-21 11:32:07.195root 11241100x8000000000000000538736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8bf64582de0de22021-12-21 11:32:07.195root 11241100x8000000000000000538737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e229909ab805a14a2021-12-21 11:32:07.693root 11241100x8000000000000000538738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99f9545472d1ff22021-12-21 11:32:07.693root 11241100x8000000000000000538739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88e7a8de0aa70bc2021-12-21 11:32:07.693root 11241100x8000000000000000538740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4f85a172775e172021-12-21 11:32:07.693root 11241100x8000000000000000538741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468c7c7f451a49e32021-12-21 11:32:07.693root 11241100x8000000000000000538742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f85e0579c003392021-12-21 11:32:07.693root 11241100x8000000000000000538743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0b6cc4f728d8a82021-12-21 11:32:07.693root 11241100x8000000000000000538744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba9dba957f198c02021-12-21 11:32:07.693root 11241100x8000000000000000538745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c997b1b89e72ca22021-12-21 11:32:07.693root 11241100x8000000000000000538746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb1acd795e3fe8f2021-12-21 11:32:07.694root 11241100x8000000000000000538747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36ff9ffb6da3a2d2021-12-21 11:32:07.694root 11241100x8000000000000000538748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c5d6962c3c8a572021-12-21 11:32:07.694root 11241100x8000000000000000538749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c403f50818a1f6972021-12-21 11:32:07.694root 11241100x8000000000000000538750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3151a9abfa4dd012021-12-21 11:32:07.694root 11241100x8000000000000000538751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30171471e5891cab2021-12-21 11:32:07.694root 11241100x8000000000000000538752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af5ffc4dce39fe52021-12-21 11:32:07.694root 11241100x8000000000000000538753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b758225e262ef23a2021-12-21 11:32:07.694root 11241100x8000000000000000538754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d617b0779090ce72021-12-21 11:32:07.694root 11241100x8000000000000000538755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2527e3203d8a26de2021-12-21 11:32:07.694root 11241100x8000000000000000538756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198898598e7483b82021-12-21 11:32:07.694root 11241100x8000000000000000538757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa9817758b40ac72021-12-21 11:32:07.694root 11241100x8000000000000000538758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4752c6a155f2f1d2021-12-21 11:32:07.695root 11241100x8000000000000000538759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d50f6143457a112021-12-21 11:32:07.695root 11241100x8000000000000000538760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055361581793f3a12021-12-21 11:32:07.695root 11241100x8000000000000000538761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28904b6cc8eb9dce2021-12-21 11:32:07.695root 11241100x8000000000000000538762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40c8c8f1de7f0042021-12-21 11:32:07.695root 11241100x8000000000000000538763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95087234c23bbd7e2021-12-21 11:32:07.695root 11241100x8000000000000000538764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76dfb85741f755d2021-12-21 11:32:08.193root 11241100x8000000000000000538765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ca02de09e703542021-12-21 11:32:08.193root 11241100x8000000000000000538766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e4233bd181f3092021-12-21 11:32:08.193root 11241100x8000000000000000538767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7b2706c013b2982021-12-21 11:32:08.193root 11241100x8000000000000000538768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271033cf2e369b662021-12-21 11:32:08.193root 11241100x8000000000000000538769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be31fa133724e8402021-12-21 11:32:08.193root 11241100x8000000000000000538770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86872491b3bc05ec2021-12-21 11:32:08.193root 11241100x8000000000000000538771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a059f4c462ad04a72021-12-21 11:32:08.193root 11241100x8000000000000000538772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6d51412833cb3f2021-12-21 11:32:08.193root 11241100x8000000000000000538773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c61c0cf00c994bd2021-12-21 11:32:08.194root 11241100x8000000000000000538774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608a69ae9b586b592021-12-21 11:32:08.194root 11241100x8000000000000000538775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ebf6371b5f709e2021-12-21 11:32:08.194root 11241100x8000000000000000538776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25283b77e17952042021-12-21 11:32:08.194root 11241100x8000000000000000538777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b6ba114e0303e72021-12-21 11:32:08.194root 11241100x8000000000000000538778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba985cb1a976f66f2021-12-21 11:32:08.194root 11241100x8000000000000000538779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3b576f1e40962a2021-12-21 11:32:08.194root 11241100x8000000000000000538780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317143bf3bcbf1042021-12-21 11:32:08.194root 11241100x8000000000000000538781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f4d6d571d3979f2021-12-21 11:32:08.194root 11241100x8000000000000000538782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d40ffda6fdfc1022021-12-21 11:32:08.194root 11241100x8000000000000000538783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5aac42e9067f732021-12-21 11:32:08.194root 11241100x8000000000000000538784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3fc56a4d6886502021-12-21 11:32:08.194root 11241100x8000000000000000538785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b387b3dc9dc17ff32021-12-21 11:32:08.194root 11241100x8000000000000000538786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146537a9daa286e52021-12-21 11:32:08.194root 11241100x8000000000000000538787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21199973d6ebd5152021-12-21 11:32:08.195root 11241100x8000000000000000538788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d60f8f2bff68cd2021-12-21 11:32:08.195root 11241100x8000000000000000538789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee85081ec248138e2021-12-21 11:32:08.195root 11241100x8000000000000000538790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8913d1372510dd282021-12-21 11:32:08.693root 11241100x8000000000000000538791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a863892ee5ed4452021-12-21 11:32:08.693root 11241100x8000000000000000538792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b117c5651952f44c2021-12-21 11:32:08.694root 11241100x8000000000000000538793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e954489627e26c2c2021-12-21 11:32:08.694root 11241100x8000000000000000538794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1305def71a1d0d2021-12-21 11:32:08.694root 11241100x8000000000000000538795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822366e9e9cdd6c22021-12-21 11:32:08.694root 11241100x8000000000000000538796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56154014f842ebd72021-12-21 11:32:08.694root 11241100x8000000000000000538797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a83f46ddb38af072021-12-21 11:32:08.694root 11241100x8000000000000000538798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c524143a00782c62021-12-21 11:32:08.694root 11241100x8000000000000000538799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a545334b439a0b2021-12-21 11:32:08.694root 11241100x8000000000000000538800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4914ecaa65a1742021-12-21 11:32:08.694root 11241100x8000000000000000538801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33ca760012745702021-12-21 11:32:08.694root 11241100x8000000000000000538802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b345de39c9c8e5cd2021-12-21 11:32:08.694root 11241100x8000000000000000538803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db6f90ceff69e562021-12-21 11:32:08.694root 11241100x8000000000000000538804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785235ea819007932021-12-21 11:32:08.694root 11241100x8000000000000000538805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72ea8c974af63be2021-12-21 11:32:08.694root 11241100x8000000000000000538806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a742717e7bf09a322021-12-21 11:32:08.694root 11241100x8000000000000000538807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c826c5ad1e546d2d2021-12-21 11:32:08.695root 11241100x8000000000000000538808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b61ea8712dbb412021-12-21 11:32:08.695root 11241100x8000000000000000538809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cb94b9213b21122021-12-21 11:32:08.695root 11241100x8000000000000000538810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4871d64ee683c5912021-12-21 11:32:08.695root 11241100x8000000000000000538811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ca927d0ef62ba32021-12-21 11:32:08.695root 11241100x8000000000000000538812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c35f341577846be2021-12-21 11:32:08.695root 11241100x8000000000000000538813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b568cbef08f9492021-12-21 11:32:08.695root 11241100x8000000000000000538814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159c1dd380772dfe2021-12-21 11:32:08.695root 11241100x8000000000000000538815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b3c14f2d8470bd2021-12-21 11:32:08.695root 11241100x8000000000000000538816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fe2df7e019b55e2021-12-21 11:32:09.193root 11241100x8000000000000000538817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7705db7afaffe9d22021-12-21 11:32:09.193root 11241100x8000000000000000538818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e27a4a115998ebc2021-12-21 11:32:09.193root 11241100x8000000000000000538819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b132bf6f818aa7d2021-12-21 11:32:09.193root 11241100x8000000000000000538820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7d0329ec4cf15e2021-12-21 11:32:09.193root 11241100x8000000000000000538821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ccb381bfef4c752021-12-21 11:32:09.193root 11241100x8000000000000000538822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9ae5eba21d0ed02021-12-21 11:32:09.193root 11241100x8000000000000000538823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a91f0af9fc900002021-12-21 11:32:09.193root 11241100x8000000000000000538824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd055b72656ec642021-12-21 11:32:09.193root 11241100x8000000000000000538825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69329a506fadc2602021-12-21 11:32:09.193root 11241100x8000000000000000538826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68075b1d295608e72021-12-21 11:32:09.193root 11241100x8000000000000000538827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24d8c1f1fcf21a22021-12-21 11:32:09.194root 11241100x8000000000000000538828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f7db5acd62bcca2021-12-21 11:32:09.194root 11241100x8000000000000000538829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6498de5420c576f02021-12-21 11:32:09.194root 11241100x8000000000000000538830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659508379330e12c2021-12-21 11:32:09.194root 11241100x8000000000000000538831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474ebf4790332dd82021-12-21 11:32:09.194root 11241100x8000000000000000538832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026e02421f7795c42021-12-21 11:32:09.194root 11241100x8000000000000000538833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868f9e00afade8af2021-12-21 11:32:09.194root 11241100x8000000000000000538834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6003855c4ffe25422021-12-21 11:32:09.194root 11241100x8000000000000000538835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e877c66d556a5fbd2021-12-21 11:32:09.194root 11241100x8000000000000000538836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed247375ec6a59ed2021-12-21 11:32:09.194root 11241100x8000000000000000538837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95be44ecb20f4502021-12-21 11:32:09.194root 11241100x8000000000000000538838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3001d55322c0021c2021-12-21 11:32:09.194root 11241100x8000000000000000538839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f232512893ff76b2021-12-21 11:32:09.194root 11241100x8000000000000000538840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cef2757faada992021-12-21 11:32:09.194root 11241100x8000000000000000538841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69eb83073eefb3352021-12-21 11:32:09.194root 11241100x8000000000000000538842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50e4b4765af3d252021-12-21 11:32:09.194root 23542300x8000000000000000538843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.328{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000538844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e9ea50d620c86d2021-12-21 11:32:09.693root 11241100x8000000000000000538845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e629e33a5c96fa6c2021-12-21 11:32:09.693root 11241100x8000000000000000538846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da79ecd322d3fdfe2021-12-21 11:32:09.693root 11241100x8000000000000000538847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afa08518e59281a2021-12-21 11:32:09.693root 11241100x8000000000000000538848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ff63917c1410e72021-12-21 11:32:09.694root 11241100x8000000000000000538849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a785dcea43b4951a2021-12-21 11:32:09.694root 11241100x8000000000000000538850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ee51c7700759c72021-12-21 11:32:09.694root 11241100x8000000000000000538851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9433a5358775a7c2021-12-21 11:32:09.694root 11241100x8000000000000000538852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332f2cf44601eb732021-12-21 11:32:09.694root 11241100x8000000000000000538853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08489ccd3c0cdd02021-12-21 11:32:09.694root 11241100x8000000000000000538854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8842c8c43054fde2021-12-21 11:32:09.694root 11241100x8000000000000000538855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ed53b20bce65492021-12-21 11:32:09.694root 11241100x8000000000000000538856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7309fa848fb2352021-12-21 11:32:09.694root 11241100x8000000000000000538857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431b974cfebdbac72021-12-21 11:32:09.694root 11241100x8000000000000000538858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d327d86473e0158c2021-12-21 11:32:09.694root 11241100x8000000000000000538859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58ba253a8c7a7132021-12-21 11:32:09.694root 11241100x8000000000000000538860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b246d534c31c3d2021-12-21 11:32:09.694root 11241100x8000000000000000538861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f157806f1aecfa12021-12-21 11:32:09.695root 11241100x8000000000000000538862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aae2c76226bcedd2021-12-21 11:32:09.695root 11241100x8000000000000000538863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d3512d625598922021-12-21 11:32:09.695root 11241100x8000000000000000538864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c027e6a6380adb772021-12-21 11:32:09.695root 11241100x8000000000000000538865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0aa14edb5d2a9a12021-12-21 11:32:09.695root 11241100x8000000000000000538866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbd5036276c4d7d2021-12-21 11:32:09.695root 11241100x8000000000000000538867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19e7947df6c40c92021-12-21 11:32:09.695root 11241100x8000000000000000538868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fe40710a35b8912021-12-21 11:32:09.695root 11241100x8000000000000000538869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82eca7d4fca12e7e2021-12-21 11:32:09.695root 11241100x8000000000000000538870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e795fe2d881d522021-12-21 11:32:09.695root 354300x8000000000000000538871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.184{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48678-false10.0.1.12-8000- 11241100x8000000000000000538872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fec0ef92315aac2021-12-21 11:32:10.185root 11241100x8000000000000000538873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3ce3381f7dbea62021-12-21 11:32:10.185root 11241100x8000000000000000538874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4784b4bbeff11e7a2021-12-21 11:32:10.185root 11241100x8000000000000000538875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a8fd377c42d50a2021-12-21 11:32:10.185root 11241100x8000000000000000538876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89696cddafe7f4742021-12-21 11:32:10.185root 11241100x8000000000000000538877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b284c6976332a112021-12-21 11:32:10.185root 11241100x8000000000000000538878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e0155662849a502021-12-21 11:32:10.186root 11241100x8000000000000000538879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89fbec784bfe3682021-12-21 11:32:10.186root 11241100x8000000000000000538880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9dd1b057e7ebb32021-12-21 11:32:10.186root 11241100x8000000000000000538881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6472f076e8e516772021-12-21 11:32:10.186root 11241100x8000000000000000538882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5938691d4c0a0e2021-12-21 11:32:10.186root 11241100x8000000000000000538883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d09591aa3747c62021-12-21 11:32:10.186root 11241100x8000000000000000538884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c174026e55da42a2021-12-21 11:32:10.186root 11241100x8000000000000000538885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b02331ae62f7062021-12-21 11:32:10.186root 11241100x8000000000000000538886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895eb0613132571b2021-12-21 11:32:10.186root 11241100x8000000000000000538887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b4061d2e4892f52021-12-21 11:32:10.186root 11241100x8000000000000000538888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f02bfc5c9a51b02021-12-21 11:32:10.186root 11241100x8000000000000000538889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2680feba3f0835762021-12-21 11:32:10.186root 11241100x8000000000000000538890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae8322a785ee9a92021-12-21 11:32:10.186root 11241100x8000000000000000538891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3e2ec555b5f1752021-12-21 11:32:10.186root 11241100x8000000000000000538892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318c06d499b7bfd62021-12-21 11:32:10.186root 11241100x8000000000000000538893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b9ce29766842f72021-12-21 11:32:10.186root 11241100x8000000000000000538894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b8f06a9168548d2021-12-21 11:32:10.186root 11241100x8000000000000000538895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8add9ac05979ee722021-12-21 11:32:10.187root 11241100x8000000000000000538896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8197efeb523ec22021-12-21 11:32:10.187root 11241100x8000000000000000538897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a69d6a03d3811292021-12-21 11:32:10.187root 11241100x8000000000000000538898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4325b8167c0294572021-12-21 11:32:10.187root 11241100x8000000000000000538899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bf0b7308e805472021-12-21 11:32:10.187root 11241100x8000000000000000538900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc35c90aa11db7252021-12-21 11:32:10.443root 11241100x8000000000000000538901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2511b67280ba9f312021-12-21 11:32:10.443root 11241100x8000000000000000538902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8088aac2026e0e6e2021-12-21 11:32:10.443root 11241100x8000000000000000538903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afab570c94b26d02021-12-21 11:32:10.443root 11241100x8000000000000000538904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54404e9a2b4faf782021-12-21 11:32:10.443root 11241100x8000000000000000538905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b103439b9d54072021-12-21 11:32:10.443root 11241100x8000000000000000538906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76c04a022dba7dd2021-12-21 11:32:10.443root 11241100x8000000000000000538907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4e3321a9bb66722021-12-21 11:32:10.443root 11241100x8000000000000000538908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee915bfb366030872021-12-21 11:32:10.443root 11241100x8000000000000000538909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32685f5f7d55acc2021-12-21 11:32:10.443root 11241100x8000000000000000538910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8f3823a75e1ea62021-12-21 11:32:10.443root 11241100x8000000000000000538911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b256f2e1a9c35bfb2021-12-21 11:32:10.443root 11241100x8000000000000000538912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55aab825533fd2f92021-12-21 11:32:10.444root 11241100x8000000000000000538913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68878cc3490e3272021-12-21 11:32:10.444root 11241100x8000000000000000538914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6903de1ddf19552a2021-12-21 11:32:10.444root 11241100x8000000000000000538915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe02d28b655b64dd2021-12-21 11:32:10.444root 11241100x8000000000000000538916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7b20b29e2a34aa2021-12-21 11:32:10.444root 11241100x8000000000000000538917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2f80a794f2112f2021-12-21 11:32:10.444root 11241100x8000000000000000538918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeab08c27ad7b93c2021-12-21 11:32:10.444root 11241100x8000000000000000538919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5f9eb9d746ca6e2021-12-21 11:32:10.444root 11241100x8000000000000000538920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78515b79b1c39dfe2021-12-21 11:32:10.444root 11241100x8000000000000000538921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e537e6641b86c95f2021-12-21 11:32:10.444root 11241100x8000000000000000538922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cc4269bc5a2ee12021-12-21 11:32:10.444root 11241100x8000000000000000538923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614c4ad4acdb157c2021-12-21 11:32:10.444root 11241100x8000000000000000538924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4d0a20c770a3fc2021-12-21 11:32:10.444root 11241100x8000000000000000538925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b60a6e0f39b5df12021-12-21 11:32:10.444root 11241100x8000000000000000538926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd950eed59a387e42021-12-21 11:32:10.445root 11241100x8000000000000000538927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d0458b03af58f32021-12-21 11:32:10.445root 11241100x8000000000000000538928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc796cadc918b3ed2021-12-21 11:32:10.445root 11241100x8000000000000000538929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedc10ae9f1dd9ea2021-12-21 11:32:10.943root 11241100x8000000000000000538930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df08e96dca2053522021-12-21 11:32:10.943root 11241100x8000000000000000538931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9b942cc3182e4a2021-12-21 11:32:10.943root 11241100x8000000000000000538932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d931b66411ab022021-12-21 11:32:10.943root 11241100x8000000000000000538933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7fac668533a3902021-12-21 11:32:10.943root 11241100x8000000000000000538934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d24a6f4e3094dab2021-12-21 11:32:10.943root 11241100x8000000000000000538935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9f190a6614f4762021-12-21 11:32:10.943root 11241100x8000000000000000538936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e22f8bb47a9c0602021-12-21 11:32:10.943root 11241100x8000000000000000538937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5e331465bab5922021-12-21 11:32:10.943root 11241100x8000000000000000538938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43044b43281daf02021-12-21 11:32:10.943root 11241100x8000000000000000538939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da92f7630ed84ea72021-12-21 11:32:10.944root 11241100x8000000000000000538940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa2bce5dd66ea092021-12-21 11:32:10.944root 11241100x8000000000000000538941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd4f1086ffe26e22021-12-21 11:32:10.944root 11241100x8000000000000000538942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd8a76c90b0a56e2021-12-21 11:32:10.944root 11241100x8000000000000000538943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8ffafa9928802c2021-12-21 11:32:10.944root 11241100x8000000000000000538944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe442abbaa8a79882021-12-21 11:32:10.944root 11241100x8000000000000000538945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3a4b4f8368a6222021-12-21 11:32:10.944root 11241100x8000000000000000538946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839d6bf59c9cf06e2021-12-21 11:32:10.944root 11241100x8000000000000000538947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258164b59711c62d2021-12-21 11:32:10.944root 11241100x8000000000000000538948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0554c48dc2ae54522021-12-21 11:32:10.944root 11241100x8000000000000000538949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76d7228ea00f73b2021-12-21 11:32:10.944root 11241100x8000000000000000538950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8068e4784d8d4d002021-12-21 11:32:10.944root 11241100x8000000000000000538951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9ae8e5c1d0da1b2021-12-21 11:32:10.944root 11241100x8000000000000000538952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97649a46ab588d92021-12-21 11:32:10.944root 11241100x8000000000000000538953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dca63168bac7bc62021-12-21 11:32:10.945root 11241100x8000000000000000538954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c82dc5044a07812021-12-21 11:32:10.945root 11241100x8000000000000000538955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de3041aae5dc9fc2021-12-21 11:32:10.945root 11241100x8000000000000000538956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea00c4d04297c8212021-12-21 11:32:10.945root 11241100x8000000000000000538957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dad1ee3a88a9d422021-12-21 11:32:10.945root 534500x8000000000000000538958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.096{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 11241100x8000000000000000538959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd6c36006f02eac2021-12-21 11:32:11.443root 11241100x8000000000000000538960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acff6a2152c540e2021-12-21 11:32:11.443root 11241100x8000000000000000538961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c947b7692119332021-12-21 11:32:11.443root 11241100x8000000000000000538962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a6e82b349d88242021-12-21 11:32:11.443root 11241100x8000000000000000538963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b04ed094cdfc9a2021-12-21 11:32:11.444root 11241100x8000000000000000538964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed42517cfa25d9022021-12-21 11:32:11.444root 11241100x8000000000000000538965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65d1abb0b1419932021-12-21 11:32:11.444root 11241100x8000000000000000538966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac2628a850dbe242021-12-21 11:32:11.444root 11241100x8000000000000000538967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b550b2766526c2cd2021-12-21 11:32:11.444root 11241100x8000000000000000538968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5bb4dfcf70bdfd2021-12-21 11:32:11.444root 11241100x8000000000000000538969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49cbf2f1730b10d2021-12-21 11:32:11.444root 11241100x8000000000000000538970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e602dd1e006f1602021-12-21 11:32:11.444root 11241100x8000000000000000538971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5320ac14f67fa72021-12-21 11:32:11.444root 11241100x8000000000000000538972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cbea4eaf1c49dc2021-12-21 11:32:11.444root 11241100x8000000000000000538973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4046d474fa5f772021-12-21 11:32:11.444root 11241100x8000000000000000538974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6679137b6667f12021-12-21 11:32:11.444root 11241100x8000000000000000538975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81cfea23d3578af2021-12-21 11:32:11.444root 11241100x8000000000000000538976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02765d074659c6b2021-12-21 11:32:11.444root 11241100x8000000000000000538977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02178cf52e0734392021-12-21 11:32:11.444root 11241100x8000000000000000538978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754b3b52fc65a56e2021-12-21 11:32:11.445root 11241100x8000000000000000538979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f704a58030ac6df2021-12-21 11:32:11.445root 11241100x8000000000000000538980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd0736a8b411c592021-12-21 11:32:11.445root 11241100x8000000000000000538981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e553e82b0f9391c2021-12-21 11:32:11.445root 11241100x8000000000000000538982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32bc6b8f9f946932021-12-21 11:32:11.445root 11241100x8000000000000000538983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073f92f351d505312021-12-21 11:32:11.445root 11241100x8000000000000000538984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2045ef693c791fd42021-12-21 11:32:11.445root 11241100x8000000000000000538985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5834f91ac8da3842021-12-21 11:32:11.445root 11241100x8000000000000000538986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4440d949bcab2902021-12-21 11:32:11.445root 11241100x8000000000000000538987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aae9ac36fc6efd82021-12-21 11:32:11.445root 11241100x8000000000000000538988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22b69e1b572a5d22021-12-21 11:32:11.943root 11241100x8000000000000000538989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2f160e6e102aea2021-12-21 11:32:11.943root 11241100x8000000000000000538990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2da248383822b92021-12-21 11:32:11.943root 11241100x8000000000000000538991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddad81b2913922d2021-12-21 11:32:11.943root 11241100x8000000000000000538992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4d65d46f6521512021-12-21 11:32:11.943root 11241100x8000000000000000538993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7c3b2d86b3ceed2021-12-21 11:32:11.943root 11241100x8000000000000000538994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33242cbf3c47c7a2021-12-21 11:32:11.943root 11241100x8000000000000000538995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976bf83aed0ff6df2021-12-21 11:32:11.943root 11241100x8000000000000000538996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6260ca40c7f0e8a42021-12-21 11:32:11.944root 11241100x8000000000000000538997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a982a1346e22ae02021-12-21 11:32:11.944root 11241100x8000000000000000538998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30ca14b64f2c1012021-12-21 11:32:11.944root 11241100x8000000000000000538999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97da3d19f8e9c6de2021-12-21 11:32:11.944root 11241100x8000000000000000539000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992b5f67e905501d2021-12-21 11:32:11.944root 11241100x8000000000000000539001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b46b1afcdf89442021-12-21 11:32:11.944root 11241100x8000000000000000539002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441a609de194fbd82021-12-21 11:32:11.944root 11241100x8000000000000000539003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf260668ec6518eb2021-12-21 11:32:11.944root 11241100x8000000000000000539004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b107cf20beb4fc562021-12-21 11:32:11.944root 11241100x8000000000000000539005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bba2136f1272382021-12-21 11:32:11.944root 11241100x8000000000000000539006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e8e94603d9bc5a2021-12-21 11:32:11.944root 11241100x8000000000000000539007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff612ff428ef5edc2021-12-21 11:32:11.944root 11241100x8000000000000000539008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f402bf0b2c4e7a2021-12-21 11:32:11.945root 11241100x8000000000000000539009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c801b22ba225dbb72021-12-21 11:32:11.945root 11241100x8000000000000000539010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c0b0136d5a54932021-12-21 11:32:11.945root 11241100x8000000000000000539011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c8508e5184ab8b2021-12-21 11:32:11.945root 11241100x8000000000000000539012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b764853595a8ef2021-12-21 11:32:11.945root 11241100x8000000000000000539013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecce9e9f317e2d9c2021-12-21 11:32:11.945root 11241100x8000000000000000539014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba157486dd923482021-12-21 11:32:11.945root 11241100x8000000000000000539015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f19945a21e467652021-12-21 11:32:11.945root 11241100x8000000000000000539016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34f99e8124599ba2021-12-21 11:32:11.945root 11241100x8000000000000000539017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3069ca065894b88e2021-12-21 11:32:11.945root 11241100x8000000000000000539018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d87a9e7a7d56b872021-12-21 11:32:11.945root 11241100x8000000000000000539019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e1b16bbdac695b2021-12-21 11:32:11.945root 11241100x8000000000000000539020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc3f988e4da04ac2021-12-21 11:32:12.442root 11241100x8000000000000000539021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6451719e55382dab2021-12-21 11:32:12.443root 11241100x8000000000000000539022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803d0a69838f7fe52021-12-21 11:32:12.443root 11241100x8000000000000000539023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8c697f60b2df252021-12-21 11:32:12.443root 11241100x8000000000000000539024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02d6911fa0a86552021-12-21 11:32:12.443root 11241100x8000000000000000539025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a756278dcd5f98b2021-12-21 11:32:12.443root 11241100x8000000000000000539026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a57022ad53d8aeb2021-12-21 11:32:12.443root 11241100x8000000000000000539027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f2caac73bcf1142021-12-21 11:32:12.443root 11241100x8000000000000000539028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975aa83a9b7f947c2021-12-21 11:32:12.443root 11241100x8000000000000000539029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2860d58e0b3a51012021-12-21 11:32:12.444root 11241100x8000000000000000539030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa684e860c7b546f2021-12-21 11:32:12.444root 11241100x8000000000000000539031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ee3bfaabd707282021-12-21 11:32:12.444root 11241100x8000000000000000539032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7385803ae90c0d6c2021-12-21 11:32:12.444root 11241100x8000000000000000539033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460b4550033bda602021-12-21 11:32:12.444root 11241100x8000000000000000539034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07e8dba4b1594982021-12-21 11:32:12.444root 11241100x8000000000000000539035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e608b7d4cbc95f72021-12-21 11:32:12.444root 11241100x8000000000000000539036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94198b489eb5f102021-12-21 11:32:12.444root 11241100x8000000000000000539037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9aca1e309bf12b42021-12-21 11:32:12.444root 11241100x8000000000000000539038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ee21070dfd03442021-12-21 11:32:12.444root 11241100x8000000000000000539039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8409471f5f4e1662021-12-21 11:32:12.444root 11241100x8000000000000000539040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5d64c1e2af68542021-12-21 11:32:12.445root 11241100x8000000000000000539041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b895dee0335c652021-12-21 11:32:12.445root 11241100x8000000000000000539042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7744fd705512fc2021-12-21 11:32:12.445root 11241100x8000000000000000539043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6a1ef61cb6e16e2021-12-21 11:32:12.445root 11241100x8000000000000000539044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80891d7308b2befc2021-12-21 11:32:12.445root 11241100x8000000000000000539045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5e4dd85de851af2021-12-21 11:32:12.445root 11241100x8000000000000000539046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6719a7f547c5e88a2021-12-21 11:32:12.445root 11241100x8000000000000000539047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f7a938558520802021-12-21 11:32:12.445root 11241100x8000000000000000539048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f5d6f72dbf6ce72021-12-21 11:32:12.445root 11241100x8000000000000000539049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d8df15458799a32021-12-21 11:32:12.445root 11241100x8000000000000000539050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d5c1b713f353a92021-12-21 11:32:12.445root 11241100x8000000000000000539051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7b99e19ea52ebc2021-12-21 11:32:12.445root 11241100x8000000000000000539052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1756e216a5e463842021-12-21 11:32:12.446root 11241100x8000000000000000539053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c164d199760a38aa2021-12-21 11:32:12.446root 11241100x8000000000000000539054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a57f7864e019622021-12-21 11:32:12.943root 11241100x8000000000000000539055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1c702cb2b6eddd2021-12-21 11:32:12.943root 11241100x8000000000000000539056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f1a7fd713654da2021-12-21 11:32:12.943root 11241100x8000000000000000539057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7827cba1de35a12021-12-21 11:32:12.943root 11241100x8000000000000000539058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ebe511403feea32021-12-21 11:32:12.943root 11241100x8000000000000000539059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568d9d1fe6b8ed432021-12-21 11:32:12.943root 11241100x8000000000000000539060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cb66b7ddc2a18f2021-12-21 11:32:12.943root 11241100x8000000000000000539061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcf94ab9552182a2021-12-21 11:32:12.944root 11241100x8000000000000000539062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8712845e064aafca2021-12-21 11:32:12.944root 11241100x8000000000000000539063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9367729e69faca2021-12-21 11:32:12.944root 11241100x8000000000000000539064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88ba34355c2972b2021-12-21 11:32:12.944root 11241100x8000000000000000539065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de68cb88f3ffe3622021-12-21 11:32:12.944root 11241100x8000000000000000539066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d080f5938688712021-12-21 11:32:12.944root 11241100x8000000000000000539067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86d9f9f6232d5db2021-12-21 11:32:12.944root 11241100x8000000000000000539068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0b03ee39185a692021-12-21 11:32:12.944root 11241100x8000000000000000539069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b22c9560c2c2cf42021-12-21 11:32:12.944root 11241100x8000000000000000539070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5404fb5e3d618fd2021-12-21 11:32:12.944root 11241100x8000000000000000539071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03beb38e8ccef6ba2021-12-21 11:32:12.945root 11241100x8000000000000000539072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6c355a0ea0bc082021-12-21 11:32:12.945root 11241100x8000000000000000539073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e15d7df045179c2021-12-21 11:32:12.945root 11241100x8000000000000000539074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6001ef9c5de73872021-12-21 11:32:12.945root 11241100x8000000000000000539075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9ea2aea315c1202021-12-21 11:32:12.945root 11241100x8000000000000000539076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03a26937813fb542021-12-21 11:32:12.945root 11241100x8000000000000000539077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ec8ccb0189e4912021-12-21 11:32:12.945root 11241100x8000000000000000539078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467b2ed34d9992fb2021-12-21 11:32:12.945root 11241100x8000000000000000539079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d5134497f832332021-12-21 11:32:12.945root 11241100x8000000000000000539080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40527dc088164c712021-12-21 11:32:12.945root 11241100x8000000000000000539081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6effcfcdba6558f22021-12-21 11:32:12.946root 11241100x8000000000000000539082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a893e87ea3b55f952021-12-21 11:32:12.946root 11241100x8000000000000000539083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d794b9c9d15d2762021-12-21 11:32:12.946root 11241100x8000000000000000539084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a576c30a2978fd82021-12-21 11:32:12.946root 11241100x8000000000000000539085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04cf2a543be5ea12021-12-21 11:32:12.946root 11241100x8000000000000000539086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5f299321766ad22021-12-21 11:32:12.946root 11241100x8000000000000000539087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99c0efce71facc92021-12-21 11:32:12.946root 11241100x8000000000000000539088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2581397cf24967d72021-12-21 11:32:12.946root 11241100x8000000000000000539089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dd8968154fbe152021-12-21 11:32:12.946root 11241100x8000000000000000539090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d44d304f1cd20162021-12-21 11:32:12.946root 11241100x8000000000000000539091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e47d95a76b4bce2021-12-21 11:32:12.946root 11241100x8000000000000000539092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5820434080983d2021-12-21 11:32:13.443root 11241100x8000000000000000539093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55eca1da2ccb7fc2021-12-21 11:32:13.443root 11241100x8000000000000000539094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e267bc4f93070b2021-12-21 11:32:13.443root 11241100x8000000000000000539095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cef292119b2f8a82021-12-21 11:32:13.443root 11241100x8000000000000000539096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7d49991b47147d2021-12-21 11:32:13.444root 11241100x8000000000000000539097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cffb095b83c3082021-12-21 11:32:13.444root 11241100x8000000000000000539098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3333492281daf40f2021-12-21 11:32:13.444root 11241100x8000000000000000539099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383442042c1c0a5b2021-12-21 11:32:13.444root 11241100x8000000000000000539100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea83eba029d7c2d2021-12-21 11:32:13.444root 11241100x8000000000000000539101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46375687340eee8f2021-12-21 11:32:13.444root 11241100x8000000000000000539102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981ae885e77289632021-12-21 11:32:13.444root 11241100x8000000000000000539103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15be15ed5b3c93012021-12-21 11:32:13.444root 11241100x8000000000000000539104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3063c6695b2c3d32021-12-21 11:32:13.444root 11241100x8000000000000000539105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f795f24f1471ee2021-12-21 11:32:13.444root 11241100x8000000000000000539106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26522a9247f4f7eb2021-12-21 11:32:13.444root 11241100x8000000000000000539107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51eab031f053fe82021-12-21 11:32:13.445root 11241100x8000000000000000539108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e577e8b10eeffc82021-12-21 11:32:13.445root 11241100x8000000000000000539109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c428313bed6d9a62021-12-21 11:32:13.445root 11241100x8000000000000000539110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8482a053ab21acc92021-12-21 11:32:13.445root 11241100x8000000000000000539111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a9fb588b6e32f42021-12-21 11:32:13.445root 11241100x8000000000000000539112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a87ed516fabfdb2021-12-21 11:32:13.445root 11241100x8000000000000000539113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d021b0063631d6112021-12-21 11:32:13.445root 11241100x8000000000000000539114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f1c362d901b97c2021-12-21 11:32:13.445root 11241100x8000000000000000539115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3432745b7bff60d2021-12-21 11:32:13.445root 11241100x8000000000000000539116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637b66e211d958d72021-12-21 11:32:13.445root 11241100x8000000000000000539117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb78303ddd0ee8502021-12-21 11:32:13.446root 11241100x8000000000000000539118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6be12f316a1ef02021-12-21 11:32:13.446root 11241100x8000000000000000539119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01963865306648e52021-12-21 11:32:13.446root 11241100x8000000000000000539120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f76c87ae08c6722021-12-21 11:32:13.446root 11241100x8000000000000000539121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b63d6567842a1192021-12-21 11:32:13.943root 11241100x8000000000000000539122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752f2d8d587fa9392021-12-21 11:32:13.943root 11241100x8000000000000000539123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3894653e8eb21a62021-12-21 11:32:13.943root 11241100x8000000000000000539124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde8239d54c2cad22021-12-21 11:32:13.943root 11241100x8000000000000000539125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e33325c762b8e62021-12-21 11:32:13.943root 11241100x8000000000000000539126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e158d51acca44d602021-12-21 11:32:13.943root 11241100x8000000000000000539127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6b6a4c7c2173ff2021-12-21 11:32:13.943root 11241100x8000000000000000539128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d72391b4bb4308a2021-12-21 11:32:13.944root 11241100x8000000000000000539129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81dbd63d2a4fe352021-12-21 11:32:13.944root 11241100x8000000000000000539130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b50bd70d93cb872021-12-21 11:32:13.944root 11241100x8000000000000000539131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79eea368fac833bc2021-12-21 11:32:13.944root 11241100x8000000000000000539132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3292a0ef5c5987352021-12-21 11:32:13.944root 11241100x8000000000000000539133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081b78b8fc0e6b4d2021-12-21 11:32:13.944root 11241100x8000000000000000539134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec703ba7c997b4b2021-12-21 11:32:13.944root 11241100x8000000000000000539135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74cf7026c2d3b652021-12-21 11:32:13.944root 11241100x8000000000000000539136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8c30a41d1fe0772021-12-21 11:32:13.944root 11241100x8000000000000000539137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d48b2cd088c08c42021-12-21 11:32:13.944root 11241100x8000000000000000539138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811a6fbdd7bccc552021-12-21 11:32:13.944root 11241100x8000000000000000539139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446e23691a275d2b2021-12-21 11:32:13.944root 11241100x8000000000000000539140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f545345ef51b462021-12-21 11:32:13.944root 11241100x8000000000000000539141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7b119782a5e0532021-12-21 11:32:13.944root 11241100x8000000000000000539142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29061205199f10022021-12-21 11:32:13.944root 11241100x8000000000000000539143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35843835b12d55b52021-12-21 11:32:13.945root 11241100x8000000000000000539144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c892f5d6d2d7f8572021-12-21 11:32:13.945root 11241100x8000000000000000539145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34a7c942d6d26d12021-12-21 11:32:13.945root 11241100x8000000000000000539146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5854d65d92859d52021-12-21 11:32:13.945root 11241100x8000000000000000539147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83ec4938b9cc9272021-12-21 11:32:13.945root 11241100x8000000000000000539148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012b27eadde310632021-12-21 11:32:13.945root 11241100x8000000000000000539149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163dec123afaa36f2021-12-21 11:32:13.945root 11241100x8000000000000000539150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b94efa70bd1be472021-12-21 11:32:14.443root 11241100x8000000000000000539151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff919291d2d15a62021-12-21 11:32:14.443root 11241100x8000000000000000539152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecf3d631d5b65312021-12-21 11:32:14.444root 11241100x8000000000000000539153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39269b9ec0476a892021-12-21 11:32:14.444root 11241100x8000000000000000539154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd64311815ab2032021-12-21 11:32:14.444root 11241100x8000000000000000539155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ee706b24491ca92021-12-21 11:32:14.444root 11241100x8000000000000000539156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569cb1749b72423d2021-12-21 11:32:14.444root 11241100x8000000000000000539157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b27318e20dd7fce2021-12-21 11:32:14.444root 11241100x8000000000000000539158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd4d6803dd90a672021-12-21 11:32:14.444root 11241100x8000000000000000539159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c98a08c3b09e122021-12-21 11:32:14.444root 11241100x8000000000000000539160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b06de3e298998a2021-12-21 11:32:14.444root 11241100x8000000000000000539161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ba574317fe5f3d2021-12-21 11:32:14.444root 11241100x8000000000000000539162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0464ca4ba562f002021-12-21 11:32:14.444root 11241100x8000000000000000539163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfc8d703f1581462021-12-21 11:32:14.444root 11241100x8000000000000000539164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97e948ec119ed382021-12-21 11:32:14.444root 11241100x8000000000000000539165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c316f702f8db9dd2021-12-21 11:32:14.445root 11241100x8000000000000000539166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a9bbe13b867e142021-12-21 11:32:14.445root 11241100x8000000000000000539167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf156d6cf108189d2021-12-21 11:32:14.445root 11241100x8000000000000000539168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b759a0f5278bd702021-12-21 11:32:14.445root 11241100x8000000000000000539169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5490366196a4ece12021-12-21 11:32:14.445root 11241100x8000000000000000539170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef877a41cf6bb682021-12-21 11:32:14.445root 11241100x8000000000000000539171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3cdd4b30f633292021-12-21 11:32:14.445root 11241100x8000000000000000539172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671c55bcbf44fd572021-12-21 11:32:14.445root 11241100x8000000000000000539173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730a83c5897fb8d92021-12-21 11:32:14.445root 11241100x8000000000000000539174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf028cfcc00c4db72021-12-21 11:32:14.445root 11241100x8000000000000000539175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5202b3fc9916462021-12-21 11:32:14.445root 11241100x8000000000000000539176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f45abe9a17fdf182021-12-21 11:32:14.445root 11241100x8000000000000000539177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9310b3ec134841ad2021-12-21 11:32:14.445root 11241100x8000000000000000539178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eafdebc3c4ec6872021-12-21 11:32:14.445root 11241100x8000000000000000539179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454f8d0ee176363f2021-12-21 11:32:14.943root 11241100x8000000000000000539180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96cd87ca98430bd2021-12-21 11:32:14.943root 11241100x8000000000000000539181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581e727ca7890df52021-12-21 11:32:14.943root 11241100x8000000000000000539182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26fd03e11cc2be12021-12-21 11:32:14.943root 11241100x8000000000000000539183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa76e9924e2fd8e2021-12-21 11:32:14.943root 11241100x8000000000000000539184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8d9c1a7ad78a962021-12-21 11:32:14.944root 11241100x8000000000000000539185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5d9095dd1f36312021-12-21 11:32:14.944root 11241100x8000000000000000539186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f06b7b6ca184ae2021-12-21 11:32:14.944root 11241100x8000000000000000539187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effcabd62bb188dd2021-12-21 11:32:14.944root 11241100x8000000000000000539188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1b051576d08c1c2021-12-21 11:32:14.944root 11241100x8000000000000000539189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc0eebfc1fc8f1c2021-12-21 11:32:14.945root 11241100x8000000000000000539190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada1f224e8dbe43e2021-12-21 11:32:14.945root 11241100x8000000000000000539191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bcb3c854e85cc62021-12-21 11:32:14.945root 11241100x8000000000000000539192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1bc140d75583f82021-12-21 11:32:14.945root 11241100x8000000000000000539193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9bd67d8ea599222021-12-21 11:32:14.946root 11241100x8000000000000000539194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04146cefac61dfe62021-12-21 11:32:14.946root 11241100x8000000000000000539195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c24600590b9b572021-12-21 11:32:14.947root 11241100x8000000000000000539196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69859ae09cd5fde2021-12-21 11:32:14.947root 11241100x8000000000000000539197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62d342e200663fb2021-12-21 11:32:14.947root 11241100x8000000000000000539198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da04769fdeedbe02021-12-21 11:32:14.948root 11241100x8000000000000000539199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1915e0c3c68f97692021-12-21 11:32:14.948root 11241100x8000000000000000539200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6ea3958582af832021-12-21 11:32:14.949root 11241100x8000000000000000539201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a364ae08e3500202021-12-21 11:32:14.949root 11241100x8000000000000000539202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a40f5f9a203d2e2021-12-21 11:32:14.950root 11241100x8000000000000000539203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ade3c3140316e232021-12-21 11:32:14.951root 11241100x8000000000000000539204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939cf89d89490cfa2021-12-21 11:32:14.951root 11241100x8000000000000000539205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fc526dacd570212021-12-21 11:32:14.951root 11241100x8000000000000000539206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4063725252f27d2021-12-21 11:32:14.951root 11241100x8000000000000000539207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae4033d598f426b2021-12-21 11:32:14.952root 11241100x8000000000000000539208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588d2bcc9a07788d2021-12-21 11:32:14.952root 11241100x8000000000000000539209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e75e32f87a3bc92021-12-21 11:32:14.952root 11241100x8000000000000000539210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94caf1384c1e02112021-12-21 11:32:14.952root 354300x8000000000000000539211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.233{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48680-false10.0.1.12-8000- 11241100x8000000000000000539212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc80076789dee142021-12-21 11:32:15.235root 11241100x8000000000000000539213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf567f89f6a99442021-12-21 11:32:15.235root 11241100x8000000000000000539214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a1387483a779dc2021-12-21 11:32:15.235root 11241100x8000000000000000539215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1502e554bfc701e2021-12-21 11:32:15.235root 11241100x8000000000000000539216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eede82b619548d172021-12-21 11:32:15.235root 11241100x8000000000000000539217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe02d851252e4f5a2021-12-21 11:32:15.235root 11241100x8000000000000000539218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7896ac16b228e72021-12-21 11:32:15.235root 11241100x8000000000000000539219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b419c2ae360bc22021-12-21 11:32:15.235root 11241100x8000000000000000539220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0190effbefe5fe982021-12-21 11:32:15.235root 11241100x8000000000000000539221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1503503a1ee49f32021-12-21 11:32:15.235root 11241100x8000000000000000539222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b69fa8e79e405982021-12-21 11:32:15.236root 11241100x8000000000000000539223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa345c81ae063e102021-12-21 11:32:15.236root 11241100x8000000000000000539224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce06a093cc74a692021-12-21 11:32:15.236root 11241100x8000000000000000539225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d14d9b537e9177a2021-12-21 11:32:15.236root 11241100x8000000000000000539226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0427471d6cf79982021-12-21 11:32:15.236root 11241100x8000000000000000539227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b797443ca364b92021-12-21 11:32:15.236root 11241100x8000000000000000539228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74626a76444975f42021-12-21 11:32:15.236root 11241100x8000000000000000539229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186ea554cf9527f42021-12-21 11:32:15.236root 11241100x8000000000000000539230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7460ddf79dd479912021-12-21 11:32:15.236root 11241100x8000000000000000539231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68643f6c79d7513a2021-12-21 11:32:15.236root 11241100x8000000000000000539232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9409fd7e8a598ccf2021-12-21 11:32:15.237root 11241100x8000000000000000539233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da460c92ace78e4e2021-12-21 11:32:15.237root 11241100x8000000000000000539234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9b2f565146115f2021-12-21 11:32:15.237root 11241100x8000000000000000539235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa572fe053993d2a2021-12-21 11:32:15.237root 11241100x8000000000000000539236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efbf5ab6d455f8b2021-12-21 11:32:15.237root 11241100x8000000000000000539237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65aed3571482b01d2021-12-21 11:32:15.237root 11241100x8000000000000000539238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e9bac81dbfeb162021-12-21 11:32:15.237root 11241100x8000000000000000539239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791d941d5603ec6f2021-12-21 11:32:15.237root 11241100x8000000000000000539240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839f4ed0425156302021-12-21 11:32:15.237root 11241100x8000000000000000539241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e056ca778e83602021-12-21 11:32:15.238root 11241100x8000000000000000539242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20daf881341783b2021-12-21 11:32:15.238root 11241100x8000000000000000539243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a741d3e3531ac12021-12-21 11:32:15.238root 11241100x8000000000000000539244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdf6a5e08bcd37e2021-12-21 11:32:15.238root 11241100x8000000000000000539245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a61496d0b1efba2021-12-21 11:32:15.238root 11241100x8000000000000000539246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614a76a20a93f5232021-12-21 11:32:15.238root 11241100x8000000000000000539247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364440bee76c51e32021-12-21 11:32:15.238root 11241100x8000000000000000539248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a5cc0ec83f8c882021-12-21 11:32:15.238root 11241100x8000000000000000539249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617edaeb1ea2c7812021-12-21 11:32:15.238root 11241100x8000000000000000539250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927080ec74cbfa392021-12-21 11:32:15.238root 11241100x8000000000000000539251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70180622fe1fb0152021-12-21 11:32:15.239root 11241100x8000000000000000539252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b6d8015c98aaa32021-12-21 11:32:15.239root 11241100x8000000000000000539253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22e7e8636b5c8542021-12-21 11:32:15.239root 11241100x8000000000000000539254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2266c184e2392b792021-12-21 11:32:15.239root 11241100x8000000000000000539255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c02dacd092923e72021-12-21 11:32:15.239root 11241100x8000000000000000539256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3318a78edd45bb652021-12-21 11:32:15.693root 11241100x8000000000000000539257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02777f86475b36d72021-12-21 11:32:15.693root 11241100x8000000000000000539258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d46df765286f7302021-12-21 11:32:15.693root 11241100x8000000000000000539259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5137dd1fe2a288582021-12-21 11:32:15.693root 11241100x8000000000000000539260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c97255742d211e2021-12-21 11:32:15.693root 11241100x8000000000000000539261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adc6692b69d4aaf2021-12-21 11:32:15.693root 11241100x8000000000000000539262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1876fe9df22870b12021-12-21 11:32:15.694root 11241100x8000000000000000539263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe76ea1997b7a6dc2021-12-21 11:32:15.694root 11241100x8000000000000000539264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff239ac0a14d56802021-12-21 11:32:15.694root 11241100x8000000000000000539265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16986fb501566ad62021-12-21 11:32:15.694root 11241100x8000000000000000539266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116b390b1c3ff3f42021-12-21 11:32:15.694root 11241100x8000000000000000539267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed8a37b8df6ec3c2021-12-21 11:32:15.694root 11241100x8000000000000000539268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062bf5cd62e7ee3f2021-12-21 11:32:15.694root 11241100x8000000000000000539269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608a12afae8a8cf72021-12-21 11:32:15.694root 11241100x8000000000000000539270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2168f1fb85a16a022021-12-21 11:32:15.694root 11241100x8000000000000000539271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afeacab90bd234722021-12-21 11:32:15.694root 11241100x8000000000000000539272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c07e4028cb068f2021-12-21 11:32:15.694root 11241100x8000000000000000539273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3b427bd94e83462021-12-21 11:32:15.694root 11241100x8000000000000000539274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a303dfe70e476bd2021-12-21 11:32:15.694root 11241100x8000000000000000539275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de85a9bdea1712e2021-12-21 11:32:15.694root 11241100x8000000000000000539276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8079dcc907de6bd2021-12-21 11:32:15.694root 11241100x8000000000000000539277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7639e8936a2d862021-12-21 11:32:15.695root 11241100x8000000000000000539278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371fba5adfa2cbc52021-12-21 11:32:15.695root 11241100x8000000000000000539279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd3d70321ed7e6e2021-12-21 11:32:15.695root 11241100x8000000000000000539280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bbf2dfff9569132021-12-21 11:32:15.695root 11241100x8000000000000000539281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc964cf59e272cd2021-12-21 11:32:15.695root 11241100x8000000000000000539282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d6ce809c17fd642021-12-21 11:32:15.695root 11241100x8000000000000000539283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4726ed444c1828a22021-12-21 11:32:15.695root 11241100x8000000000000000539284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdb794002f540eb2021-12-21 11:32:15.695root 11241100x8000000000000000539285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4311c02cccd009912021-12-21 11:32:15.695root 11241100x8000000000000000539286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391bde1cc260e53b2021-12-21 11:32:16.193root 11241100x8000000000000000539287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c98024fb7e19a32021-12-21 11:32:16.193root 11241100x8000000000000000539288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5747c536e11dbf412021-12-21 11:32:16.193root 11241100x8000000000000000539289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00dcd2882bd84902021-12-21 11:32:16.193root 11241100x8000000000000000539290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf526095c0c46b322021-12-21 11:32:16.194root 11241100x8000000000000000539291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6922ea20d5e6ab32021-12-21 11:32:16.194root 11241100x8000000000000000539292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10578756d10fbe32021-12-21 11:32:16.194root 11241100x8000000000000000539293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc8074e8334bd2f2021-12-21 11:32:16.194root 11241100x8000000000000000539294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dab895097fb69c2021-12-21 11:32:16.194root 11241100x8000000000000000539295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f937cf65641c832021-12-21 11:32:16.194root 11241100x8000000000000000539296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8409e66ecc630ea2021-12-21 11:32:16.194root 11241100x8000000000000000539297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9847ce9536f54a0d2021-12-21 11:32:16.194root 11241100x8000000000000000539298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ccfb0ce97fed4f2021-12-21 11:32:16.194root 11241100x8000000000000000539299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8282f27b3a10462021-12-21 11:32:16.194root 11241100x8000000000000000539300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2230c836552b73082021-12-21 11:32:16.194root 11241100x8000000000000000539301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e8262cd4fbfc202021-12-21 11:32:16.194root 11241100x8000000000000000539302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aeefff4422f7b692021-12-21 11:32:16.194root 11241100x8000000000000000539303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeaa937da6e04f0f2021-12-21 11:32:16.194root 11241100x8000000000000000539304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8593c9f08d06b152021-12-21 11:32:16.194root 11241100x8000000000000000539305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca370e0a8667a552021-12-21 11:32:16.195root 11241100x8000000000000000539306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5aae012c668eafd2021-12-21 11:32:16.195root 11241100x8000000000000000539307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51786c56b9d79c7b2021-12-21 11:32:16.195root 11241100x8000000000000000539308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9656b40c2066e2e2021-12-21 11:32:16.195root 11241100x8000000000000000539309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3745ce2b1ddd032021-12-21 11:32:16.195root 11241100x8000000000000000539310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11919e0b1cb0a4a62021-12-21 11:32:16.195root 11241100x8000000000000000539311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b8f357c810ec672021-12-21 11:32:16.195root 11241100x8000000000000000539312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36c4fa516537c3c2021-12-21 11:32:16.195root 11241100x8000000000000000539313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d523c3318e8eab2021-12-21 11:32:16.195root 11241100x8000000000000000539314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f629d1e2523be282021-12-21 11:32:16.195root 11241100x8000000000000000539315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d28823907670c712021-12-21 11:32:16.195root 11241100x8000000000000000539316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493f0c2132dec5cb2021-12-21 11:32:16.195root 11241100x8000000000000000539317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4363f6f06d199ec92021-12-21 11:32:16.195root 11241100x8000000000000000539318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7d3a59f34094742021-12-21 11:32:16.195root 11241100x8000000000000000539319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d789ae01e1c79672021-12-21 11:32:16.195root 11241100x8000000000000000539320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084eca53ecd03ac92021-12-21 11:32:16.196root 11241100x8000000000000000539321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ec6536ab1df8cb2021-12-21 11:32:16.196root 11241100x8000000000000000539322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24c29253bbadcca2021-12-21 11:32:16.196root 11241100x8000000000000000539323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645c83d12c7eeb102021-12-21 11:32:16.196root 11241100x8000000000000000539324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34a4022ad82fd252021-12-21 11:32:16.196root 11241100x8000000000000000539325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443f13cfb66626022021-12-21 11:32:16.693root 11241100x8000000000000000539326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ab842065a519eb2021-12-21 11:32:16.694root 11241100x8000000000000000539327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288739a92b4936492021-12-21 11:32:16.694root 11241100x8000000000000000539328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4f1fe3b5099e642021-12-21 11:32:16.694root 11241100x8000000000000000539329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6533211fde355852021-12-21 11:32:16.694root 11241100x8000000000000000539330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189a65c881428b142021-12-21 11:32:16.694root 11241100x8000000000000000539331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87635b0d822fd9ae2021-12-21 11:32:16.694root 11241100x8000000000000000539332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52235b818fa559372021-12-21 11:32:16.694root 11241100x8000000000000000539333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec4c1d8c4b8d7732021-12-21 11:32:16.694root 11241100x8000000000000000539334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b8876d84e455282021-12-21 11:32:16.694root 11241100x8000000000000000539335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8bbc475b83a4b12021-12-21 11:32:16.694root 11241100x8000000000000000539336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4882f34266212f4f2021-12-21 11:32:16.694root 11241100x8000000000000000539337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c996c613215edce22021-12-21 11:32:16.694root 11241100x8000000000000000539338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3df87e642ae84222021-12-21 11:32:16.695root 11241100x8000000000000000539339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1babbaaa7d0b601e2021-12-21 11:32:16.695root 11241100x8000000000000000539340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0cb82e5273dbb92021-12-21 11:32:16.695root 11241100x8000000000000000539341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90a4abc396251862021-12-21 11:32:16.695root 11241100x8000000000000000539342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f460df1e6fa02332021-12-21 11:32:16.695root 11241100x8000000000000000539343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e967bb7c31460352021-12-21 11:32:16.695root 11241100x8000000000000000539344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09a5ce49e9baa872021-12-21 11:32:16.695root 11241100x8000000000000000539345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25515f0cb4d9af6f2021-12-21 11:32:16.695root 11241100x8000000000000000539346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3a3b4ae0d09a232021-12-21 11:32:16.695root 11241100x8000000000000000539347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d22cbe6006412bd2021-12-21 11:32:16.695root 11241100x8000000000000000539348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192d6a73ed7e3ec22021-12-21 11:32:16.695root 11241100x8000000000000000539349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7deb5cde347310ce2021-12-21 11:32:16.695root 11241100x8000000000000000539350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54ad5b8b9ec49b92021-12-21 11:32:16.695root 11241100x8000000000000000539351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d1fddca147a0192021-12-21 11:32:16.696root 11241100x8000000000000000539352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc536d112bf6e1c72021-12-21 11:32:16.696root 11241100x8000000000000000539353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1613c7e85811b5132021-12-21 11:32:16.696root 11241100x8000000000000000539354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013f73b0ee7f13f92021-12-21 11:32:16.696root 11241100x8000000000000000539355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c71d5799c3cf1f92021-12-21 11:32:17.193root 11241100x8000000000000000539356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389daffa62813d332021-12-21 11:32:17.193root 11241100x8000000000000000539357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12867681b974c4002021-12-21 11:32:17.194root 11241100x8000000000000000539358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9568f0b8cb00f78b2021-12-21 11:32:17.194root 11241100x8000000000000000539359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dafdd7cf7af9de22021-12-21 11:32:17.194root 11241100x8000000000000000539360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d5407470298c8f2021-12-21 11:32:17.194root 11241100x8000000000000000539361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98bfde22a7d13e42021-12-21 11:32:17.194root 11241100x8000000000000000539362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4280c4bc89ea0e9a2021-12-21 11:32:17.194root 11241100x8000000000000000539363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95481ef35a45c3ae2021-12-21 11:32:17.194root 11241100x8000000000000000539364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b14d180a5d8da112021-12-21 11:32:17.194root 11241100x8000000000000000539365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2883e3a2f1f12aad2021-12-21 11:32:17.194root 11241100x8000000000000000539366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91f2cfb5a9f7f082021-12-21 11:32:17.194root 11241100x8000000000000000539367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b2ff60964a26c62021-12-21 11:32:17.194root 11241100x8000000000000000539368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83abf105296d3f9e2021-12-21 11:32:17.194root 11241100x8000000000000000539369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fafb3d63bd5e0e2021-12-21 11:32:17.195root 11241100x8000000000000000539370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd23ae86ae184f62021-12-21 11:32:17.195root 11241100x8000000000000000539371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20a3604288113412021-12-21 11:32:17.195root 11241100x8000000000000000539372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb64f2e9f9ac0742021-12-21 11:32:17.195root 11241100x8000000000000000539373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d8c1df2436b1f62021-12-21 11:32:17.195root 11241100x8000000000000000539374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6709a2655e32c0c12021-12-21 11:32:17.195root 11241100x8000000000000000539375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87522474ec82223c2021-12-21 11:32:17.195root 11241100x8000000000000000539376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f13ebddc1660cfe2021-12-21 11:32:17.195root 11241100x8000000000000000539377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517cb0375957e4742021-12-21 11:32:17.196root 11241100x8000000000000000539378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945df9590c283e3e2021-12-21 11:32:17.196root 11241100x8000000000000000539379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc490ddcef1f6d9c2021-12-21 11:32:17.196root 11241100x8000000000000000539380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a60cc1b74d35cf2021-12-21 11:32:17.196root 11241100x8000000000000000539381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64addd07700f59d22021-12-21 11:32:17.196root 11241100x8000000000000000539382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79929b6c8b2337212021-12-21 11:32:17.196root 11241100x8000000000000000539383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a050c465d459252021-12-21 11:32:17.196root 11241100x8000000000000000539384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4410d0ea513aacf2021-12-21 11:32:17.196root 11241100x8000000000000000539385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505f994ac0e340cd2021-12-21 11:32:17.693root 11241100x8000000000000000539386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3038b71dfdf7692021-12-21 11:32:17.693root 11241100x8000000000000000539427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:36.326{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:32:36.326root 11241100x8000000000000000539428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:36.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0282ddf4156aa962021-12-21 11:32:36.692root 11241100x8000000000000000539429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:37.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acd52500a2b19de2021-12-21 11:32:37.192root 11241100x8000000000000000539430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:37.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a8c13618cc79ff2021-12-21 11:32:37.692root 354300x8000000000000000539431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:38.126{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48698-false10.0.1.12-8000- 11241100x8000000000000000539432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:38.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ae6df7613184812021-12-21 11:32:38.127root 11241100x8000000000000000539433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:38.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73aaa8370d0854a62021-12-21 11:32:38.442root 11241100x8000000000000000539434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbc1ea75b23c68b2021-12-21 11:32:38.443root 11241100x8000000000000000539435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:38.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e95ed14dc278172021-12-21 11:32:38.942root 11241100x8000000000000000539436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ee5447ed1477962021-12-21 11:32:38.943root 23542300x8000000000000000539437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:39.329{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000539438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:39.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b9b3e07bfedd432021-12-21 11:32:39.329root 11241100x8000000000000000539439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:39.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2446915fc2698bb92021-12-21 11:32:39.329root 11241100x8000000000000000539440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:39.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be08bdd2d44454732021-12-21 11:32:39.329root 11241100x8000000000000000539441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:39.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514974ed1f3791ff2021-12-21 11:32:39.692root 11241100x8000000000000000539442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05e1944c410678f2021-12-21 11:32:39.693root 11241100x8000000000000000539443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b0ac291cf72be62021-12-21 11:32:39.693root 11241100x8000000000000000539444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:40.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e464fbf479392b2021-12-21 11:32:40.192root 11241100x8000000000000000539445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df7474fa55034462021-12-21 11:32:40.193root 11241100x8000000000000000539446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed66fed6834647282021-12-21 11:32:40.193root 11241100x8000000000000000539447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:40.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd58548dfd76bd042021-12-21 11:32:40.692root 11241100x8000000000000000539448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14649d55ef4d07332021-12-21 11:32:40.693root 11241100x8000000000000000539449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606ab93b3ff80d252021-12-21 11:32:40.693root 11241100x8000000000000000539450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd748a4e7e6ac6e2021-12-21 11:32:41.193root 11241100x8000000000000000539451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129f965369c898cd2021-12-21 11:32:41.193root 11241100x8000000000000000539452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7182e26a349cb602021-12-21 11:32:41.194root 11241100x8000000000000000539453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:41.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e76d844cc90fad2021-12-21 11:32:41.692root 11241100x8000000000000000539454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6e74cea2c857ea2021-12-21 11:32:41.693root 11241100x8000000000000000539455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6af6c0c4f511f3a2021-12-21 11:32:41.693root 11241100x8000000000000000539456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830362a4f435eb662021-12-21 11:32:42.193root 11241100x8000000000000000539457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691ac7b64d1491c22021-12-21 11:32:42.193root 11241100x8000000000000000539458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c1a74b908c36a82021-12-21 11:32:42.193root 11241100x8000000000000000539459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:42.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785cdc14f981d8fd2021-12-21 11:32:42.692root 11241100x8000000000000000539460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a04a16a30e8c09b2021-12-21 11:32:42.693root 11241100x8000000000000000539461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b116187d364d8bc2021-12-21 11:32:42.693root 11241100x8000000000000000539462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:43.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ff8024ffb364a52021-12-21 11:32:43.192root 11241100x8000000000000000539463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f4046f9c066ffa2021-12-21 11:32:43.193root 11241100x8000000000000000539464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162743214fa5fa602021-12-21 11:32:43.193root 11241100x8000000000000000539465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac782ab0d589d852021-12-21 11:32:43.693root 11241100x8000000000000000539466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81376dace2c26c72021-12-21 11:32:43.693root 11241100x8000000000000000539467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fc37db73ee271c2021-12-21 11:32:43.693root 354300x8000000000000000539468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:44.122{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48700-false10.0.1.12-8000- 11241100x8000000000000000539469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:44.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bb9894109e44de2021-12-21 11:32:44.122root 11241100x8000000000000000539470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:44.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59214b0440482cc32021-12-21 11:32:44.122root 11241100x8000000000000000539471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:44.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143f5a776a5e183f2021-12-21 11:32:44.123root 11241100x8000000000000000539472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a4f244c701fd042021-12-21 11:32:44.443root 11241100x8000000000000000539473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcb435c34b2ac482021-12-21 11:32:44.443root 11241100x8000000000000000539474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b5dd24b9e264ff2021-12-21 11:32:44.443root 11241100x8000000000000000539475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90bbda6e3ea143552021-12-21 11:32:44.443root 11241100x8000000000000000539476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:44.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd3d54a80a467de2021-12-21 11:32:44.942root 11241100x8000000000000000539477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5318fccba639432021-12-21 11:32:44.943root 11241100x8000000000000000539478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b42a80278890c32021-12-21 11:32:44.943root 11241100x8000000000000000539479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b665e287eee85eae2021-12-21 11:32:44.943root 11241100x8000000000000000539480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:45.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b76fb1bef45239e2021-12-21 11:32:45.442root 11241100x8000000000000000539481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2618bfa695eef9532021-12-21 11:32:45.443root 11241100x8000000000000000539482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f418b9acaacc002021-12-21 11:32:45.443root 11241100x8000000000000000539483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6358648ac62b302021-12-21 11:32:45.443root 11241100x8000000000000000539484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:45.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bf5f6a1eae38e02021-12-21 11:32:45.942root 11241100x8000000000000000539485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56359d59f45cc3cd2021-12-21 11:32:45.943root 11241100x8000000000000000539486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed134148e41a8a562021-12-21 11:32:45.943root 11241100x8000000000000000539487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee711b500de10abd2021-12-21 11:32:45.943root 11241100x8000000000000000539488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:46.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802b542c5159442e2021-12-21 11:32:46.442root 11241100x8000000000000000539489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cce82e8671220b2021-12-21 11:32:46.443root 11241100x8000000000000000539490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68a39220d50083a2021-12-21 11:32:46.443root 11241100x8000000000000000539491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c8120ef3dda0dc2021-12-21 11:32:46.443root 11241100x8000000000000000539492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:46.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9d1e757a84cfab2021-12-21 11:32:46.942root 11241100x8000000000000000539493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf3aafff520443e2021-12-21 11:32:46.943root 11241100x8000000000000000539494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e379de431f6e1052021-12-21 11:32:46.943root 11241100x8000000000000000539495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829f60067cc1569e2021-12-21 11:32:46.943root 11241100x8000000000000000539496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:47.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38e043f48f9b11f2021-12-21 11:32:47.442root 11241100x8000000000000000539497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347a7f8cd71ef16f2021-12-21 11:32:47.443root 11241100x8000000000000000539498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47da3410faba445d2021-12-21 11:32:47.443root 11241100x8000000000000000539499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a780c87929d66722021-12-21 11:32:47.443root 11241100x8000000000000000539500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:47.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0f1958b546cf932021-12-21 11:32:47.942root 11241100x8000000000000000539501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbb924c56bdad1c2021-12-21 11:32:47.943root 11241100x8000000000000000539502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8493f760faffb7d2021-12-21 11:32:47.943root 11241100x8000000000000000539503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c66cf291acd868d2021-12-21 11:32:47.943root 11241100x8000000000000000539504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:48.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee08f0f0ac566e62021-12-21 11:32:48.442root 11241100x8000000000000000539505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1f98440c97d2b92021-12-21 11:32:48.443root 11241100x8000000000000000539506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ca37f9a68e6a732021-12-21 11:32:48.443root 11241100x8000000000000000539507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c98ed96eea0f442021-12-21 11:32:48.443root 11241100x8000000000000000539508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:48.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735f1d35942badbc2021-12-21 11:32:48.942root 11241100x8000000000000000539509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b944c2593de9dd2021-12-21 11:32:48.943root 11241100x8000000000000000539510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4158b7918abc1caf2021-12-21 11:32:48.943root 11241100x8000000000000000539511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f983fea6c4ed842021-12-21 11:32:48.943root 354300x8000000000000000539512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:49.182{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48702-false10.0.1.12-8000- 11241100x8000000000000000539513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ed6a5f2c731ffb2021-12-21 11:32:49.443root 11241100x8000000000000000539514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b15625b4bc3fb0d2021-12-21 11:32:49.443root 11241100x8000000000000000539515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5efbb92aeb05ec2021-12-21 11:32:49.443root 11241100x8000000000000000539516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0c29a5960f28fa2021-12-21 11:32:49.443root 11241100x8000000000000000539517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a953c7942922c012021-12-21 11:32:49.443root 11241100x8000000000000000539518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a6a01fd46473e62021-12-21 11:32:49.943root 11241100x8000000000000000539519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb1d80e122502262021-12-21 11:32:49.943root 11241100x8000000000000000539520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35622d009f8e0e3a2021-12-21 11:32:49.943root 11241100x8000000000000000539521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c4136be4eb6d3b2021-12-21 11:32:49.943root 11241100x8000000000000000539522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2897bb1abcb7563f2021-12-21 11:32:49.943root 11241100x8000000000000000539523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b9fb2f0654f19f2021-12-21 11:32:50.443root 11241100x8000000000000000539524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a68f89fb7a833652021-12-21 11:32:50.443root 11241100x8000000000000000539525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cffcbecb1b88b92021-12-21 11:32:50.443root 11241100x8000000000000000539526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466db632a72c8ebf2021-12-21 11:32:50.443root 11241100x8000000000000000539527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b034958e970b50c22021-12-21 11:32:50.443root 11241100x8000000000000000539528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b3f33ce9b3e2232021-12-21 11:32:50.943root 11241100x8000000000000000539529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851abd5a78e2f9972021-12-21 11:32:50.943root 11241100x8000000000000000539530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac199721ca192582021-12-21 11:32:50.943root 11241100x8000000000000000539531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c090fe862332b32021-12-21 11:32:50.943root 11241100x8000000000000000539532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c210e8b47edd0082021-12-21 11:32:50.943root 11241100x8000000000000000539533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f932c7a35a2a292021-12-21 11:32:51.443root 11241100x8000000000000000539534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486ab01e046b21402021-12-21 11:32:51.443root 11241100x8000000000000000539535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e97b700233d8ce72021-12-21 11:32:51.443root 11241100x8000000000000000539536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2620fccd8b0ec82021-12-21 11:32:51.443root 11241100x8000000000000000539537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ea4589a387e6382021-12-21 11:32:51.443root 11241100x8000000000000000539538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc8aef46d5b071f2021-12-21 11:32:51.943root 11241100x8000000000000000539539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65d38d0825a5ddb2021-12-21 11:32:51.943root 11241100x8000000000000000539540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c901c29b19c9c5192021-12-21 11:32:51.943root 11241100x8000000000000000539541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5ece2d3e7b12c52021-12-21 11:32:51.943root 11241100x8000000000000000539542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b910159f34c101802021-12-21 11:32:51.943root 11241100x8000000000000000539543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:52.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce1a266f5ab9c332021-12-21 11:32:52.442root 11241100x8000000000000000539544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4f93b45370b1322021-12-21 11:32:52.443root 11241100x8000000000000000539545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55928015e0f2b1e52021-12-21 11:32:52.443root 11241100x8000000000000000539546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ffe3097c01776f2021-12-21 11:32:52.443root 11241100x8000000000000000539547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71009229f1be722b2021-12-21 11:32:52.443root 11241100x8000000000000000539548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:52.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f28e81443a2cdc2021-12-21 11:32:52.942root 11241100x8000000000000000539549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7410a6bcc864da702021-12-21 11:32:52.943root 11241100x8000000000000000539550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3ca01775a83c9f2021-12-21 11:32:52.943root 11241100x8000000000000000539551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a481f44c42cb65092021-12-21 11:32:52.943root 11241100x8000000000000000539552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc396438fd2a547b2021-12-21 11:32:52.943root 11241100x8000000000000000539553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc8f190eddf9c302021-12-21 11:32:53.443root 11241100x8000000000000000539554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914ba21fef77beb42021-12-21 11:32:53.443root 11241100x8000000000000000539555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd98beb1513f03e72021-12-21 11:32:53.443root 11241100x8000000000000000539556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad7e32522f843782021-12-21 11:32:53.443root 11241100x8000000000000000539557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a86dec24f2030162021-12-21 11:32:53.443root 11241100x8000000000000000539558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b8c35463feb41e2021-12-21 11:32:53.943root 11241100x8000000000000000539559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb228088c58bcff82021-12-21 11:32:53.943root 11241100x8000000000000000539560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636e815879315e142021-12-21 11:32:53.943root 11241100x8000000000000000539561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9492470040c7ae52021-12-21 11:32:53.943root 11241100x8000000000000000539562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fe092e0fd5fd492021-12-21 11:32:53.943root 11241100x8000000000000000539563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56390c42724756892021-12-21 11:32:54.443root 11241100x8000000000000000539564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d06a594525f5532021-12-21 11:32:54.443root 11241100x8000000000000000539565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f6b46a71c5a9d82021-12-21 11:32:54.443root 11241100x8000000000000000539566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1377e7829d3928b2021-12-21 11:32:54.443root 11241100x8000000000000000539567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7376d8118b01bf952021-12-21 11:32:54.443root 11241100x8000000000000000539568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a01df5909fcb592021-12-21 11:32:54.943root 11241100x8000000000000000539569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d704c1bf05f55e862021-12-21 11:32:54.943root 11241100x8000000000000000539570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5665aa793b5fd00e2021-12-21 11:32:54.943root 11241100x8000000000000000539571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3679c8b86d868d2021-12-21 11:32:54.943root 11241100x8000000000000000539572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896fec2ab60ee0c12021-12-21 11:32:54.943root 354300x8000000000000000539573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:55.016{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48704-false10.0.1.12-8000- 11241100x8000000000000000539574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2b11a358abcd612021-12-21 11:32:55.443root 11241100x8000000000000000539575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0456a1022293fab2021-12-21 11:32:55.443root 11241100x8000000000000000539576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1715f70220a9e432021-12-21 11:32:55.443root 11241100x8000000000000000539577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3ef4f12889c0f82021-12-21 11:32:55.443root 11241100x8000000000000000539578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86385bbb2d6a079e2021-12-21 11:32:55.443root 11241100x8000000000000000539579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110435164ebe7d132021-12-21 11:32:55.443root 11241100x8000000000000000539580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78b5f2d3322bf2c2021-12-21 11:32:55.943root 11241100x8000000000000000539581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f325270ce13f4f312021-12-21 11:32:55.943root 11241100x8000000000000000539582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76590431b04b8392021-12-21 11:32:55.943root 11241100x8000000000000000539583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e35fe9b3d3ffe92021-12-21 11:32:55.943root 11241100x8000000000000000539584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a13fb17da68ba32021-12-21 11:32:55.943root 11241100x8000000000000000539585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b7afeed8fb04062021-12-21 11:32:55.943root 11241100x8000000000000000539586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1730d11766003e12021-12-21 11:32:56.443root 11241100x8000000000000000539587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8ad133765b62ac2021-12-21 11:32:56.443root 11241100x8000000000000000539588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec6033e4e77efa02021-12-21 11:32:56.443root 11241100x8000000000000000539589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75d02ce6e1e7c4f2021-12-21 11:32:56.443root 11241100x8000000000000000539590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa7831bd8b516a62021-12-21 11:32:56.443root 11241100x8000000000000000539591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af0babdc95dc0682021-12-21 11:32:56.443root 11241100x8000000000000000539592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4273b5b9c368dc2021-12-21 11:32:56.943root 11241100x8000000000000000539593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691a07c8de62f75e2021-12-21 11:32:56.943root 11241100x8000000000000000539594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a685702805232c272021-12-21 11:32:56.943root 11241100x8000000000000000539595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca51a5dfb1cc5ab2021-12-21 11:32:56.943root 11241100x8000000000000000539596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35e3299e407c09e2021-12-21 11:32:56.943root 11241100x8000000000000000539597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a09b64de1636482021-12-21 11:32:56.943root 11241100x8000000000000000539598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4905f63d1f0c02ea2021-12-21 11:32:57.443root 11241100x8000000000000000539599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8d1db8384100dc2021-12-21 11:32:57.443root 11241100x8000000000000000539600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7debeb37bef3f2f2021-12-21 11:32:57.443root 11241100x8000000000000000539601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4460c40db7d6723e2021-12-21 11:32:57.443root 11241100x8000000000000000539602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270b6ef3210cb53b2021-12-21 11:32:57.443root 11241100x8000000000000000539603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8de72d3bf97fe22021-12-21 11:32:57.443root 11241100x8000000000000000539604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437f7bee89a771382021-12-21 11:32:57.943root 11241100x8000000000000000539605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a86bf0e6a5716b2021-12-21 11:32:57.943root 11241100x8000000000000000539606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2442410eea0e032021-12-21 11:32:57.943root 11241100x8000000000000000539607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64928594de14cb42021-12-21 11:32:57.943root 11241100x8000000000000000539608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46efa766c25be0082021-12-21 11:32:57.943root 11241100x8000000000000000539609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a4738d423493042021-12-21 11:32:57.943root 11241100x8000000000000000539610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ac9978c8ccac7b2021-12-21 11:32:58.443root 11241100x8000000000000000539611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516a297354b3da4c2021-12-21 11:32:58.443root 11241100x8000000000000000539612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf56ae2dd5a4a362021-12-21 11:32:58.443root 11241100x8000000000000000539613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04f85379d3b03912021-12-21 11:32:58.443root 11241100x8000000000000000539614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af3f5be3747fa242021-12-21 11:32:58.443root 11241100x8000000000000000539615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d4a7f6638506732021-12-21 11:32:58.443root 11241100x8000000000000000539616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856b996f497524332021-12-21 11:32:58.943root 11241100x8000000000000000539617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834187e9826be77b2021-12-21 11:32:58.943root 11241100x8000000000000000539618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8e3cce675a4d012021-12-21 11:32:58.943root 11241100x8000000000000000539619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2396671bd3898d5f2021-12-21 11:32:58.943root 11241100x8000000000000000539620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9749b79f510fb2a2021-12-21 11:32:58.943root 11241100x8000000000000000539621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f7c5afa5a2104f2021-12-21 11:32:58.943root 11241100x8000000000000000539622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e304413fdafb4c2021-12-21 11:32:59.443root 11241100x8000000000000000539623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af1e1b7986964af2021-12-21 11:32:59.443root 11241100x8000000000000000539624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c204ea0979af4a342021-12-21 11:32:59.443root 11241100x8000000000000000539625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1941886b408f7b2021-12-21 11:32:59.443root 11241100x8000000000000000539626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12cd7c6aae4891ec2021-12-21 11:32:59.443root 11241100x8000000000000000539627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271cd0421f79251e2021-12-21 11:32:59.443root 11241100x8000000000000000539628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385de25ad0fe19ba2021-12-21 11:32:59.943root 11241100x8000000000000000539629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7fb655064516d82021-12-21 11:32:59.943root 11241100x8000000000000000539630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3468b145161619482021-12-21 11:32:59.943root 11241100x8000000000000000539631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550878e1eebf57d72021-12-21 11:32:59.943root 11241100x8000000000000000539632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bbf5b0f638697c2021-12-21 11:32:59.943root 11241100x8000000000000000539633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae311bbfc5952ea2021-12-21 11:32:59.943root 354300x8000000000000000539634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:00.046{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48706-false10.0.1.12-8000- 11241100x8000000000000000539635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ae0e5bcb2fb5482021-12-21 11:33:00.443root 11241100x8000000000000000539636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6c3c76c1c4e4242021-12-21 11:33:00.443root 11241100x8000000000000000539637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e646249e5d8a8a32021-12-21 11:33:00.443root 11241100x8000000000000000539638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6fe56ffcd738a52021-12-21 11:33:00.443root 11241100x8000000000000000539639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7278ff2ba0aab71f2021-12-21 11:33:00.443root 11241100x8000000000000000539640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6006c092724f038e2021-12-21 11:33:00.443root 11241100x8000000000000000539641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14584c4dc0ef2c682021-12-21 11:33:00.443root 11241100x8000000000000000539642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216a1b3d65117a2f2021-12-21 11:33:00.943root 11241100x8000000000000000539643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e91a621f2c21742021-12-21 11:33:00.943root 11241100x8000000000000000539644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a28b3e8173413b2021-12-21 11:33:00.943root 11241100x8000000000000000539645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ab9e76d2304ca92021-12-21 11:33:00.944root 11241100x8000000000000000539646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1192cbbdfdc4c0ee2021-12-21 11:33:00.944root 11241100x8000000000000000539647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2117142b7fae402021-12-21 11:33:00.944root 11241100x8000000000000000539648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86954986131e0a152021-12-21 11:33:00.944root 11241100x8000000000000000539649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8db0139debac6fe2021-12-21 11:33:01.443root 11241100x8000000000000000539650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55150785a31d9ade2021-12-21 11:33:01.443root 11241100x8000000000000000539651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cb43686e15ac132021-12-21 11:33:01.443root 11241100x8000000000000000539652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9745788a870fb7ff2021-12-21 11:33:01.443root 11241100x8000000000000000539653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbed7797cb8d8202021-12-21 11:33:01.443root 11241100x8000000000000000539654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72977082f794ca32021-12-21 11:33:01.443root 11241100x8000000000000000539655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c89e9aae81861f22021-12-21 11:33:01.443root 11241100x8000000000000000539656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a00c81f21778fe52021-12-21 11:33:01.943root 11241100x8000000000000000539657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03318f7a5d5f1d52021-12-21 11:33:01.943root 11241100x8000000000000000539658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f672a2c4dab6d42021-12-21 11:33:01.943root 11241100x8000000000000000539659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49f57443367d5512021-12-21 11:33:01.943root 11241100x8000000000000000539660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079799c670d02c472021-12-21 11:33:01.943root 11241100x8000000000000000539661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd4165b84a4699c2021-12-21 11:33:01.943root 11241100x8000000000000000539662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0b1ce9f1a5a9492021-12-21 11:33:01.943root 11241100x8000000000000000539663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6209d6f2069b562a2021-12-21 11:33:02.443root 11241100x8000000000000000539664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef022fd947591282021-12-21 11:33:02.443root 11241100x8000000000000000539665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8747ce6218223cb02021-12-21 11:33:02.443root 11241100x8000000000000000539666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35ac51cd3be93032021-12-21 11:33:02.443root 11241100x8000000000000000539667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0241444b74794c2021-12-21 11:33:02.443root 11241100x8000000000000000539668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24421ccc6b0e3b32021-12-21 11:33:02.443root 11241100x8000000000000000539669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dea154114aab9f62021-12-21 11:33:02.443root 11241100x8000000000000000539670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2da031f506499922021-12-21 11:33:02.943root 11241100x8000000000000000539671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8715256f11f839c42021-12-21 11:33:02.943root 11241100x8000000000000000539672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ddd775ce03b2122021-12-21 11:33:02.943root 11241100x8000000000000000539673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3956b22e5b65a4a92021-12-21 11:33:02.943root 11241100x8000000000000000539674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3def62c89e5084f02021-12-21 11:33:02.943root 11241100x8000000000000000539675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6906affb5b2411ba2021-12-21 11:33:02.943root 11241100x8000000000000000539676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75dac2c4084c011c2021-12-21 11:33:02.943root 11241100x8000000000000000539677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57302b41f86330c12021-12-21 11:33:03.443root 11241100x8000000000000000539678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e97b6355e5c8522021-12-21 11:33:03.443root 11241100x8000000000000000539679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199188f42241e30b2021-12-21 11:33:03.443root 11241100x8000000000000000539680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011314016c6b89662021-12-21 11:33:03.443root 11241100x8000000000000000539681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30054cabc0898e102021-12-21 11:33:03.443root 11241100x8000000000000000539682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17a4f1b56df895f2021-12-21 11:33:03.443root 11241100x8000000000000000539683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0a91a39d65c82a2021-12-21 11:33:03.443root 11241100x8000000000000000539684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ef8a1d95e47e202021-12-21 11:33:03.943root 11241100x8000000000000000539685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685d25fb66f6bd1c2021-12-21 11:33:03.943root 11241100x8000000000000000539686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39efb15416246a742021-12-21 11:33:03.943root 11241100x8000000000000000539687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfd843662cebc462021-12-21 11:33:03.943root 11241100x8000000000000000539688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aec097c050c67d92021-12-21 11:33:03.943root 11241100x8000000000000000539689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8a04654f2d9edb2021-12-21 11:33:03.943root 11241100x8000000000000000539690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ba6725b13e19cd2021-12-21 11:33:03.943root 11241100x8000000000000000539691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74621db8421d20a22021-12-21 11:33:04.443root 11241100x8000000000000000539692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d32926cdf49b8b2021-12-21 11:33:04.443root 11241100x8000000000000000539693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139fe5f13983ed452021-12-21 11:33:04.444root 11241100x8000000000000000539694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cae3d0f73846f62021-12-21 11:33:04.444root 11241100x8000000000000000539695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71dd256b2ebd1fe82021-12-21 11:33:04.444root 11241100x8000000000000000539696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bae5fe13a5b4d4c2021-12-21 11:33:04.444root 11241100x8000000000000000539697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437622c086a230562021-12-21 11:33:04.444root 11241100x8000000000000000539698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044e8754e7de31f42021-12-21 11:33:04.943root 11241100x8000000000000000539699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dadec29ea3e3832021-12-21 11:33:04.943root 11241100x8000000000000000539700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa73b36b78076a42021-12-21 11:33:04.943root 11241100x8000000000000000539701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54a6b544677f6d72021-12-21 11:33:04.943root 11241100x8000000000000000539702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d023a791204ac4b52021-12-21 11:33:04.943root 11241100x8000000000000000539703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51a4380e60f39362021-12-21 11:33:04.943root 11241100x8000000000000000539704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5696a7518c4238c82021-12-21 11:33:04.943root 354300x8000000000000000539705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:05.095{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48708-false10.0.1.12-8000- 11241100x8000000000000000539706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ee12589b84b9622021-12-21 11:33:05.443root 11241100x8000000000000000539707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93c65125720979a2021-12-21 11:33:05.443root 11241100x8000000000000000539708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406b10b5e296d1d72021-12-21 11:33:05.443root 11241100x8000000000000000539709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18b16f6ca07e78c2021-12-21 11:33:05.443root 11241100x8000000000000000539710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38284dd45c800bd32021-12-21 11:33:05.443root 11241100x8000000000000000539711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbdb7d1a4535de82021-12-21 11:33:05.443root 11241100x8000000000000000539712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61879eb6c548b642021-12-21 11:33:05.443root 11241100x8000000000000000539713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3cceca7717ae772021-12-21 11:33:05.443root 11241100x8000000000000000539714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f44f863216778c2021-12-21 11:33:05.943root 11241100x8000000000000000539715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d21d135e7ab00bb2021-12-21 11:33:05.943root 11241100x8000000000000000539716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eabd0e04b56c3622021-12-21 11:33:05.943root 11241100x8000000000000000539717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30765772818adafc2021-12-21 11:33:05.943root 11241100x8000000000000000539718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcc061286b53d372021-12-21 11:33:05.943root 11241100x8000000000000000539719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88f8b60a91bbd822021-12-21 11:33:05.943root 11241100x8000000000000000539720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fdce81b1344a292021-12-21 11:33:05.943root 11241100x8000000000000000539721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a943274c0adc4f52021-12-21 11:33:05.944root 11241100x8000000000000000539722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:06.326{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:33:06.326root 11241100x8000000000000000539723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:06.326{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff939fc102ab18082021-12-21 11:33:06.326root 11241100x8000000000000000539724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:06.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a372c3b868020702021-12-21 11:33:06.327root 11241100x8000000000000000539725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:06.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc24977c1235bb32021-12-21 11:33:06.327root 11241100x8000000000000000539726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5758b46cd628fb2021-12-21 11:33:06.328root 11241100x8000000000000000539727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984e09de691dafec2021-12-21 11:33:06.328root 11241100x8000000000000000539728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251ed4c74fd6baf92021-12-21 11:33:06.328root 11241100x8000000000000000539729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11e4bc13602a6342021-12-21 11:33:06.328root 11241100x8000000000000000539730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0938a46e1153bc2021-12-21 11:33:06.329root 11241100x8000000000000000539731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7307102f29f3512021-12-21 11:33:06.329root 11241100x8000000000000000539732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1b9db18b8ebb8e2021-12-21 11:33:06.693root 11241100x8000000000000000539733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b001abf4dfa8c60b2021-12-21 11:33:06.693root 11241100x8000000000000000539734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8fb225bf1f2cad2021-12-21 11:33:06.693root 11241100x8000000000000000539735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb59db5d9d067aab2021-12-21 11:33:06.693root 11241100x8000000000000000539736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4d0c67785ccdab2021-12-21 11:33:06.693root 11241100x8000000000000000539737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b54bebb216429a2021-12-21 11:33:06.693root 11241100x8000000000000000539738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7aebd9adfbba612021-12-21 11:33:06.693root 11241100x8000000000000000539739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b27566a1ee264d2021-12-21 11:33:06.693root 11241100x8000000000000000539740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebadf811bea2bb942021-12-21 11:33:06.693root 11241100x8000000000000000539741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4814a0375370c3de2021-12-21 11:33:07.193root 11241100x8000000000000000539742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48692539265e086f2021-12-21 11:33:07.193root 11241100x8000000000000000539743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478962de5484ee7a2021-12-21 11:33:07.193root 11241100x8000000000000000539744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4681e56edda80b02021-12-21 11:33:07.193root 11241100x8000000000000000539745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce402c9fdb3fcd0d2021-12-21 11:33:07.193root 11241100x8000000000000000539746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcc700cb72f98d12021-12-21 11:33:07.193root 11241100x8000000000000000539747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49e4a4636148b8e2021-12-21 11:33:07.193root 11241100x8000000000000000539748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0fe3acb8ea7c8092021-12-21 11:33:07.193root 11241100x8000000000000000539749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a37e21ac09345a52021-12-21 11:33:07.193root 11241100x8000000000000000539750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c633136f23dd4c42021-12-21 11:33:07.693root 11241100x8000000000000000539751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bd62a4a962ef832021-12-21 11:33:07.693root 11241100x8000000000000000539752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2af7c783a7307432021-12-21 11:33:07.693root 11241100x8000000000000000539753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06c57cb6cbe69de2021-12-21 11:33:07.693root 11241100x8000000000000000539754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9eba6f5251c12752021-12-21 11:33:07.693root 11241100x8000000000000000539755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13082df101b68a6b2021-12-21 11:33:07.693root 11241100x8000000000000000539756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249145a7c8f449362021-12-21 11:33:07.693root 11241100x8000000000000000539757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50922211dd193d102021-12-21 11:33:07.693root 11241100x8000000000000000539758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61240dba6bbe8a662021-12-21 11:33:07.693root 11241100x8000000000000000539759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0373592b6e857fa2021-12-21 11:33:08.193root 11241100x8000000000000000539760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a31056c62a8106b2021-12-21 11:33:08.193root 11241100x8000000000000000539761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7be55b8002ef232021-12-21 11:33:08.193root 11241100x8000000000000000539762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2719d6d17c373e692021-12-21 11:33:08.193root 11241100x8000000000000000539763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a0a0afbb2bde172021-12-21 11:33:08.193root 11241100x8000000000000000539764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce60e732bafd08a62021-12-21 11:33:08.193root 11241100x8000000000000000539765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0e4d1b96ebc62a2021-12-21 11:33:08.193root 11241100x8000000000000000539766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0de91396068ef42021-12-21 11:33:08.193root 11241100x8000000000000000539767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3261c484916cbca62021-12-21 11:33:08.193root 11241100x8000000000000000539768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a523031daca63ef02021-12-21 11:33:08.693root 11241100x8000000000000000539769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762d327f1b7258272021-12-21 11:33:08.693root 11241100x8000000000000000539770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adc2ec1f214de5a2021-12-21 11:33:08.693root 11241100x8000000000000000539771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ef636e934eec482021-12-21 11:33:08.693root 11241100x8000000000000000539772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132fa4fc8f92c0fd2021-12-21 11:33:08.693root 11241100x8000000000000000539773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb958c573b212ca2021-12-21 11:33:08.693root 11241100x8000000000000000539774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e2d4e1dda4ebc12021-12-21 11:33:08.693root 11241100x8000000000000000539775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477a455c504c60452021-12-21 11:33:08.693root 11241100x8000000000000000539776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96a74cf835e3feb2021-12-21 11:33:08.693root 11241100x8000000000000000539777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d0df7487696aca2021-12-21 11:33:09.193root 11241100x8000000000000000539778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d00b905c9f93702021-12-21 11:33:09.193root 11241100x8000000000000000539779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ec6c98ee8928d52021-12-21 11:33:09.193root 11241100x8000000000000000539780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fa762b3071a92f2021-12-21 11:33:09.193root 11241100x8000000000000000539781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059b7240c5cdbfa72021-12-21 11:33:09.193root 11241100x8000000000000000539782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee59156d2e8b3d012021-12-21 11:33:09.193root 11241100x8000000000000000539783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690d33454fcc1fed2021-12-21 11:33:09.193root 11241100x8000000000000000539784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f687bcaa98776d22021-12-21 11:33:09.193root 11241100x8000000000000000539785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fbd83deac49dc72021-12-21 11:33:09.193root 23542300x8000000000000000539786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:09.327{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000539787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ab040b81ad7b792021-12-21 11:33:09.693root 11241100x8000000000000000539788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c988fce75193932021-12-21 11:33:09.693root 11241100x8000000000000000539789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a989c802fc5d0eb72021-12-21 11:33:09.693root 11241100x8000000000000000539790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b4e9555f9436922021-12-21 11:33:09.693root 11241100x8000000000000000539791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04bbf5ad9d460772021-12-21 11:33:09.693root 11241100x8000000000000000539792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4ebc6e13be85722021-12-21 11:33:09.693root 11241100x8000000000000000539793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9704693a2d345bc2021-12-21 11:33:09.693root 11241100x8000000000000000539794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c73b04a8f40d962021-12-21 11:33:09.693root 11241100x8000000000000000539795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3634e5a450cdf9dc2021-12-21 11:33:09.693root 11241100x8000000000000000539796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46e05b4aeaeb5492021-12-21 11:33:09.693root 354300x8000000000000000539797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.121{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48710-false10.0.1.12-8000- 11241100x8000000000000000539798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897f6b5d2df9922f2021-12-21 11:33:10.122root 11241100x8000000000000000539799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7112ded46a7401f2021-12-21 11:33:10.122root 11241100x8000000000000000539800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d120a9c295689c82021-12-21 11:33:10.122root 11241100x8000000000000000539801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1600b3a35e7d4eeb2021-12-21 11:33:10.122root 11241100x8000000000000000539802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2302afade30277a12021-12-21 11:33:10.122root 11241100x8000000000000000539803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66dcd6e8aa7adb92021-12-21 11:33:10.122root 11241100x8000000000000000539804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf98e033c1a9086e2021-12-21 11:33:10.123root 11241100x8000000000000000539805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b67443e0520059d2021-12-21 11:33:10.123root 11241100x8000000000000000539806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393e90dfe85884602021-12-21 11:33:10.123root 11241100x8000000000000000539807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca254af62b44a2022021-12-21 11:33:10.123root 11241100x8000000000000000539808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca0cc850124a1b62021-12-21 11:33:10.123root 11241100x8000000000000000539809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb7ff3a98fefd6a2021-12-21 11:33:10.443root 11241100x8000000000000000539810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4472855184acaf2f2021-12-21 11:33:10.443root 11241100x8000000000000000539811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de6592b1b383ebb2021-12-21 11:33:10.443root 11241100x8000000000000000539812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451c2f9ebddf33162021-12-21 11:33:10.443root 11241100x8000000000000000539813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2764a5080ecc3a32021-12-21 11:33:10.444root 11241100x8000000000000000539814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7026b0d66697e92021-12-21 11:33:10.444root 11241100x8000000000000000539815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acddca52a435817c2021-12-21 11:33:10.444root 11241100x8000000000000000539816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c674460a233c29332021-12-21 11:33:10.444root 11241100x8000000000000000539817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5516a6c702df3c852021-12-21 11:33:10.444root 11241100x8000000000000000539818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1d12eea48370b02021-12-21 11:33:10.444root 11241100x8000000000000000539819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59262b2c03ff99792021-12-21 11:33:10.444root 11241100x8000000000000000539820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94079466438a7e22021-12-21 11:33:10.943root 11241100x8000000000000000539821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724648e0627ee32f2021-12-21 11:33:10.943root 11241100x8000000000000000539822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a92f4e9f1aec6722021-12-21 11:33:10.943root 11241100x8000000000000000539823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a5bbba0ff3085c2021-12-21 11:33:10.943root 11241100x8000000000000000539824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a66231c42ea26082021-12-21 11:33:10.943root 11241100x8000000000000000539825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f15c60275518e92021-12-21 11:33:10.943root 11241100x8000000000000000539826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6094e536b3d212202021-12-21 11:33:10.943root 11241100x8000000000000000539827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffeb5b39ba0cdd322021-12-21 11:33:10.944root 11241100x8000000000000000539828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26554c5e121a884a2021-12-21 11:33:10.944root 11241100x8000000000000000539829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69c4f474de08d342021-12-21 11:33:10.944root 11241100x8000000000000000539830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d30d664498f5f02021-12-21 11:33:10.944root 11241100x8000000000000000539831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7705d0a8dd27027e2021-12-21 11:33:11.443root 11241100x8000000000000000539832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5935ae01f79bf342021-12-21 11:33:11.443root 11241100x8000000000000000539833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d8d5c0dd2754b32021-12-21 11:33:11.443root 11241100x8000000000000000539834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944e3c4417e56d262021-12-21 11:33:11.444root 11241100x8000000000000000539835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603e2475c78929f82021-12-21 11:33:11.444root 11241100x8000000000000000539836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72995fff5e548d72021-12-21 11:33:11.444root 11241100x8000000000000000539837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24a2bc1fa4176c22021-12-21 11:33:11.444root 11241100x8000000000000000539838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66917069a9987d7b2021-12-21 11:33:11.444root 11241100x8000000000000000539839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da12bee34a6debc92021-12-21 11:33:11.444root 11241100x8000000000000000539840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d443c7f74a459e2021-12-21 11:33:11.444root 11241100x8000000000000000539841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb35ded1db2fc342021-12-21 11:33:11.444root 11241100x8000000000000000539842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9a8c5f614593152021-12-21 11:33:11.943root 11241100x8000000000000000539843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d48ab07ee4b60a2021-12-21 11:33:11.943root 11241100x8000000000000000539844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf16b9bf90421c752021-12-21 11:33:11.943root 11241100x8000000000000000539845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1e31c03590edc92021-12-21 11:33:11.943root 11241100x8000000000000000539846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0388bd5257652752021-12-21 11:33:11.943root 11241100x8000000000000000539847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209a9f5db258d3922021-12-21 11:33:11.943root 11241100x8000000000000000539848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698180c5c50a5c6b2021-12-21 11:33:11.944root 11241100x8000000000000000539849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cc80bf426c612f2021-12-21 11:33:11.944root 11241100x8000000000000000539850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41acda7b0928c7b42021-12-21 11:33:11.944root 11241100x8000000000000000539851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ebe32f82823c2b2021-12-21 11:33:11.944root 11241100x8000000000000000539852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6e3fbe54ec55452021-12-21 11:33:11.944root 11241100x8000000000000000539853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a509facc5e7b280a2021-12-21 11:33:12.443root 11241100x8000000000000000539854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ebd4b564bb1cd52021-12-21 11:33:12.443root 11241100x8000000000000000539855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bffc6038494b18e2021-12-21 11:33:12.443root 11241100x8000000000000000539856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4752f655843e75382021-12-21 11:33:12.443root 11241100x8000000000000000539857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e7a23cd3a7dfa12021-12-21 11:33:12.443root 11241100x8000000000000000539858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5dd306a0d018a432021-12-21 11:33:12.443root 11241100x8000000000000000539859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d11943641094efa2021-12-21 11:33:12.443root 11241100x8000000000000000539860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52500026176d8602021-12-21 11:33:12.443root 11241100x8000000000000000539861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b132ad67bc87a312021-12-21 11:33:12.443root 11241100x8000000000000000539862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83439894c60191442021-12-21 11:33:12.444root 11241100x8000000000000000539863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8882c54e3aa671e2021-12-21 11:33:12.444root 11241100x8000000000000000539864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afc60368e7abd722021-12-21 11:33:12.943root 11241100x8000000000000000539865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874d250baa0d18ff2021-12-21 11:33:12.943root 11241100x8000000000000000539866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb3c1321ed0d72e2021-12-21 11:33:12.943root 11241100x8000000000000000539867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079e31fc6579ed852021-12-21 11:33:12.943root 11241100x8000000000000000539868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d7ed732c79dca12021-12-21 11:33:12.943root 11241100x8000000000000000539869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22e27705531d6732021-12-21 11:33:12.943root 11241100x8000000000000000539870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7ae1d24c5ef6792021-12-21 11:33:12.943root 11241100x8000000000000000539871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a4095ad468894d2021-12-21 11:33:12.943root 11241100x8000000000000000539872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0a1968991113e22021-12-21 11:33:12.944root 11241100x8000000000000000539873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c1d6d912494c522021-12-21 11:33:12.944root 11241100x8000000000000000539874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbb4e71731e027a2021-12-21 11:33:12.944root 11241100x8000000000000000539875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4b2b3d061ac91a2021-12-21 11:33:13.443root 11241100x8000000000000000539876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f3c497340fc3e62021-12-21 11:33:13.443root 11241100x8000000000000000539877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d779678d2aead9722021-12-21 11:33:13.443root 11241100x8000000000000000539878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c80ac2fe0817892021-12-21 11:33:13.443root 11241100x8000000000000000539879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce88b4af532b15eb2021-12-21 11:33:13.443root 11241100x8000000000000000539880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aed21cef2cfd0482021-12-21 11:33:13.443root 11241100x8000000000000000539881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d45d9b2e1ad86002021-12-21 11:33:13.443root 11241100x8000000000000000539882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3e803b18cc44202021-12-21 11:33:13.443root 11241100x8000000000000000539883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0f169333696a572021-12-21 11:33:13.443root 11241100x8000000000000000539884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9252ffe9e9e7f722021-12-21 11:33:13.443root 11241100x8000000000000000539885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c1e09a626c63fa2021-12-21 11:33:13.444root 11241100x8000000000000000539886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb66306832cc2372021-12-21 11:33:13.943root 11241100x8000000000000000539887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f3885fd90264ec2021-12-21 11:33:13.943root 11241100x8000000000000000539888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a108508cace99ad2021-12-21 11:33:13.943root 11241100x8000000000000000539889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3204d5589ae037b2021-12-21 11:33:13.944root 11241100x8000000000000000539890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369ff104043be8e32021-12-21 11:33:13.944root 11241100x8000000000000000539891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b11f989ef2472e2021-12-21 11:33:13.944root 11241100x8000000000000000539892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb0ec27005bbcd22021-12-21 11:33:13.944root 11241100x8000000000000000539893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f242e701661285042021-12-21 11:33:13.944root 11241100x8000000000000000539894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef3232d8c32bf912021-12-21 11:33:13.945root 11241100x8000000000000000539895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c9273b3cdab1cd2021-12-21 11:33:13.945root 11241100x8000000000000000539896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da01ca63062c7c6c2021-12-21 11:33:13.945root 11241100x8000000000000000539897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182ec1a8505c46d72021-12-21 11:33:14.443root 11241100x8000000000000000539898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e675c7928d5a472021-12-21 11:33:14.443root 11241100x8000000000000000539899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1feec82deb688c12021-12-21 11:33:14.443root 11241100x8000000000000000539900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d268c2983b3bcab2021-12-21 11:33:14.443root 11241100x8000000000000000539901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca5b23b37ee22c42021-12-21 11:33:14.443root 11241100x8000000000000000539902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f94bb4d9e78387f2021-12-21 11:33:14.443root 11241100x8000000000000000539903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ffc5fa2b1f8cf42021-12-21 11:33:14.443root 11241100x8000000000000000539904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7230a79dfa1bc7b82021-12-21 11:33:14.443root 11241100x8000000000000000539905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c435a87409d12b2021-12-21 11:33:14.444root 11241100x8000000000000000539906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fce80e7ee61d5f2021-12-21 11:33:14.444root 11241100x8000000000000000539907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec66f460846d3bf2021-12-21 11:33:14.444root 11241100x8000000000000000539908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011c6ed804246b9e2021-12-21 11:33:14.943root 11241100x8000000000000000539909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9900f2a376b82b7a2021-12-21 11:33:14.943root 11241100x8000000000000000539910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a7ebd1393b66b42021-12-21 11:33:14.943root 11241100x8000000000000000539911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cba965950d467612021-12-21 11:33:14.943root 11241100x8000000000000000539912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f11601a31dbfb72021-12-21 11:33:14.943root 11241100x8000000000000000539913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e10e4feb3d60502021-12-21 11:33:14.943root 11241100x8000000000000000539914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a482e21d82a7a60e2021-12-21 11:33:14.943root 11241100x8000000000000000539915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7317bd72b7808b3d2021-12-21 11:33:14.943root 11241100x8000000000000000539916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33e4426e02e34e62021-12-21 11:33:14.943root 11241100x8000000000000000539917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b9e1537686fd1f2021-12-21 11:33:14.944root 11241100x8000000000000000539918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde91a16c8bf58df2021-12-21 11:33:14.944root 11241100x8000000000000000539919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b790dd087ef2cf2021-12-21 11:33:15.443root 11241100x8000000000000000539920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecfc262735cfd002021-12-21 11:33:15.443root 11241100x8000000000000000539921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a27c85ee616f3f82021-12-21 11:33:15.443root 11241100x8000000000000000539922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc8e16ecef192102021-12-21 11:33:15.443root 11241100x8000000000000000539923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696495c562b0bb0a2021-12-21 11:33:15.443root 11241100x8000000000000000539924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d95b2f59c837e92021-12-21 11:33:15.443root 11241100x8000000000000000539925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c6fb350e5b39902021-12-21 11:33:15.444root 11241100x8000000000000000539926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db3df6f3d0ea4d62021-12-21 11:33:15.444root 11241100x8000000000000000539927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0316b46aa021d5532021-12-21 11:33:15.444root 11241100x8000000000000000539928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cf2e41300f77292021-12-21 11:33:15.444root 11241100x8000000000000000539929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dee4a127e77c112021-12-21 11:33:15.444root 11241100x8000000000000000539930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c23678d1e5ee182021-12-21 11:33:15.943root 11241100x8000000000000000539931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d2872c14b7dd9d2021-12-21 11:33:15.943root 11241100x8000000000000000539932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea0bedbe28f5d2e2021-12-21 11:33:15.943root 11241100x8000000000000000539933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17226cbda3481c252021-12-21 11:33:15.943root 11241100x8000000000000000539934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31b08736733dbb52021-12-21 11:33:15.943root 11241100x8000000000000000539935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c05c0557ad1725d2021-12-21 11:33:15.943root 11241100x8000000000000000539936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0802f58ff87f70322021-12-21 11:33:15.943root 11241100x8000000000000000539937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7db49d8121a5f832021-12-21 11:33:15.944root 11241100x8000000000000000539938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af403c1dca3504722021-12-21 11:33:15.944root 11241100x8000000000000000539939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7b9052051668ff2021-12-21 11:33:15.944root 11241100x8000000000000000539940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b6670c2fc8200b2021-12-21 11:33:15.944root 354300x8000000000000000539941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.025{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48712-false10.0.1.12-8000- 11241100x8000000000000000539942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca8905ba6d86ade2021-12-21 11:33:16.442root 11241100x8000000000000000539943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c6a94546b9891b2021-12-21 11:33:16.443root 11241100x8000000000000000539944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbc2b613e7a31492021-12-21 11:33:16.443root 11241100x8000000000000000539945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e421e93507c895f22021-12-21 11:33:16.443root 11241100x8000000000000000539946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67918ff5965659872021-12-21 11:33:16.444root 11241100x8000000000000000539947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce881f9a94ad14a2021-12-21 11:33:16.444root 11241100x8000000000000000539948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59268fc5d00ae5802021-12-21 11:33:16.444root 11241100x8000000000000000539949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49168f7accaf7cf62021-12-21 11:33:16.444root 11241100x8000000000000000539950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0d4c4125255c572021-12-21 11:33:16.444root 11241100x8000000000000000539951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c741866ff563b72e2021-12-21 11:33:16.444root 11241100x8000000000000000539952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68018b412dbe3ff22021-12-21 11:33:16.444root 11241100x8000000000000000539953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f32721c93e4a90b2021-12-21 11:33:16.444root 11241100x8000000000000000539954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada5e45797255b0c2021-12-21 11:33:16.444root 11241100x8000000000000000539955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f71fff284f480d2021-12-21 11:33:16.444root 11241100x8000000000000000539956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19c8876b24faf5d2021-12-21 11:33:16.444root 11241100x8000000000000000539957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1368e5f3fcaafd2c2021-12-21 11:33:16.444root 11241100x8000000000000000539958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1046d961fcd441ad2021-12-21 11:33:16.943root 11241100x8000000000000000539959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69cd8790e4d14e52021-12-21 11:33:16.943root 11241100x8000000000000000539960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f1c751636499e82021-12-21 11:33:16.943root 11241100x8000000000000000539961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd716e9a750f8422021-12-21 11:33:16.943root 11241100x8000000000000000539962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cc95f438225e952021-12-21 11:33:16.943root 11241100x8000000000000000539963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c9a61f03420c8b2021-12-21 11:33:16.943root 11241100x8000000000000000539964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e1c7dfde893c682021-12-21 11:33:16.943root 11241100x8000000000000000539965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0497c01f1e93010b2021-12-21 11:33:16.943root 11241100x8000000000000000539966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34eac8b0e8c667fa2021-12-21 11:33:16.943root 11241100x8000000000000000539967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b5b3b4aa75582f2021-12-21 11:33:16.944root 11241100x8000000000000000539968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4a7bc38bbe19bf2021-12-21 11:33:16.944root 11241100x8000000000000000539969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3cf81b77e254a92021-12-21 11:33:16.944root 11241100x8000000000000000539970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a716890fbab8292021-12-21 11:33:17.443root 11241100x8000000000000000539971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc1d1c7f89785f32021-12-21 11:33:17.443root 11241100x8000000000000000539972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49612b3c6046ed2a2021-12-21 11:33:17.443root 11241100x8000000000000000539973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53eaa01fee1912282021-12-21 11:33:17.443root 11241100x8000000000000000539974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bdaeb058f22f022021-12-21 11:33:17.443root 11241100x8000000000000000539975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08a366ec10503352021-12-21 11:33:17.443root 11241100x8000000000000000539976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c581de22afe614992021-12-21 11:33:17.443root 11241100x8000000000000000539977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36eaf237d8d7e5642021-12-21 11:33:17.443root 11241100x8000000000000000539978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5a094be5431f2e2021-12-21 11:33:17.444root 11241100x8000000000000000539979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ec7087620416682021-12-21 11:33:17.444root 11241100x8000000000000000539980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0600131b04925d2021-12-21 11:33:17.444root 11241100x8000000000000000539981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3d616f56f99c212021-12-21 11:33:17.444root 11241100x8000000000000000539982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7919d451cc37537d2021-12-21 11:33:17.942root 11241100x8000000000000000539983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34b9e9fe15648d82021-12-21 11:33:17.943root 11241100x8000000000000000539984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f1c7d43ece83352021-12-21 11:33:17.943root 11241100x8000000000000000539985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb289289352a8e4d2021-12-21 11:33:17.943root 11241100x8000000000000000539986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca12e86bcbccc302021-12-21 11:33:17.943root 11241100x8000000000000000539987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9c9690b35e0a122021-12-21 11:33:17.943root 11241100x8000000000000000539988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24caa97bec3b7d742021-12-21 11:33:17.943root 11241100x8000000000000000539989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b79aa3f488b8c92021-12-21 11:33:17.944root 11241100x8000000000000000539990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc516d3d0a131902021-12-21 11:33:17.944root 11241100x8000000000000000539991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0843fe4b6d513d2a2021-12-21 11:33:17.944root 11241100x8000000000000000539992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f7c16c532a50382021-12-21 11:33:17.944root 11241100x8000000000000000539993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92aea4d4f78b97b2021-12-21 11:33:17.944root 11241100x8000000000000000539994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7174f2610055e98c2021-12-21 11:33:18.442root 11241100x8000000000000000539995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3598c336b98b87792021-12-21 11:33:18.443root 11241100x8000000000000000539996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19fbbc7baa4d5132021-12-21 11:33:18.443root 11241100x8000000000000000539997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0710aff34478242021-12-21 11:33:18.443root 11241100x8000000000000000539998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c736929443fe85c2021-12-21 11:33:18.443root 11241100x8000000000000000539999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d172d6d2a0f8786a2021-12-21 11:33:18.443root 11241100x8000000000000000540000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ddb4f4b13f70522021-12-21 11:33:18.443root 11241100x8000000000000000540001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fae9cf7f6567662021-12-21 11:33:18.443root 11241100x8000000000000000540002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708f26ff20d933752021-12-21 11:33:18.443root 11241100x8000000000000000540003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26312832eecd8e1b2021-12-21 11:33:18.443root 11241100x8000000000000000540004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522c2e5da0555b9f2021-12-21 11:33:18.443root 11241100x8000000000000000540005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238f2f76e20b52092021-12-21 11:33:18.443root 11241100x8000000000000000540006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc2b5296aec807f2021-12-21 11:33:18.943root 11241100x8000000000000000540007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2dabbfdad753022021-12-21 11:33:18.943root 11241100x8000000000000000540008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cacc5336b9b2fd2021-12-21 11:33:18.943root 11241100x8000000000000000540009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e81f42e64d40bd72021-12-21 11:33:18.943root 11241100x8000000000000000540010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b8828f09592f752021-12-21 11:33:18.943root 11241100x8000000000000000540011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223dae2187f99b982021-12-21 11:33:18.943root 11241100x8000000000000000540012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a047a4d50f31a9432021-12-21 11:33:18.944root 11241100x8000000000000000540013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a720936bd571ee2021-12-21 11:33:18.944root 11241100x8000000000000000540014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e2ba9561ce07bd2021-12-21 11:33:18.944root 11241100x8000000000000000540015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858a11deb6db1d532021-12-21 11:33:18.944root 11241100x8000000000000000540016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28195cc56cbfc9bf2021-12-21 11:33:18.944root 11241100x8000000000000000540017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21696c6a96c4d182021-12-21 11:33:18.944root 11241100x8000000000000000540018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fb1a6f8f61a8f62021-12-21 11:33:19.443root 11241100x8000000000000000540019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f0947e5265ebeb2021-12-21 11:33:19.443root 11241100x8000000000000000540020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fc6c79a843cbeb2021-12-21 11:33:19.443root 11241100x8000000000000000540021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3bb9d454d2badd2021-12-21 11:33:19.443root 11241100x8000000000000000540022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14fd0e79594160a2021-12-21 11:33:19.443root 11241100x8000000000000000540023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57714d30ca267c852021-12-21 11:33:19.443root 11241100x8000000000000000540024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e64d5af79938832021-12-21 11:33:19.443root 11241100x8000000000000000540025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791243cb20efecef2021-12-21 11:33:19.444root 11241100x8000000000000000540026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b61798545c79442021-12-21 11:33:19.444root 11241100x8000000000000000540027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e504b1f7ae5892b52021-12-21 11:33:19.444root 11241100x8000000000000000540028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338dcc746d9ec58f2021-12-21 11:33:19.444root 11241100x8000000000000000540029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751fef19110c88462021-12-21 11:33:19.444root 11241100x8000000000000000540030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244e2edb8243003f2021-12-21 11:33:19.943root 11241100x8000000000000000540031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c85bc975b85dd52021-12-21 11:33:19.943root 11241100x8000000000000000540032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244aa559ad9fec6f2021-12-21 11:33:19.943root 11241100x8000000000000000540033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed89f4f83f082b82021-12-21 11:33:19.943root 11241100x8000000000000000540034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c1756e4ffd9ad32021-12-21 11:33:19.943root 11241100x8000000000000000540035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb0ad876907b4522021-12-21 11:33:19.943root 11241100x8000000000000000540036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7a6a58c099d26c2021-12-21 11:33:19.943root 11241100x8000000000000000540037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88a4ba17996721e2021-12-21 11:33:19.943root 11241100x8000000000000000540038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571abbbf1231fc1a2021-12-21 11:33:19.943root 11241100x8000000000000000540039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c60dc699c41b9d2021-12-21 11:33:19.944root 11241100x8000000000000000540040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa6493cb048ef7a2021-12-21 11:33:19.944root 11241100x8000000000000000540041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edfbe89e9e77f972021-12-21 11:33:19.944root 11241100x8000000000000000540042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690a4924aa7145c62021-12-21 11:33:20.443root 11241100x8000000000000000540043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a099038808016f2021-12-21 11:33:20.443root 11241100x8000000000000000540044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa0d0cd8acb28422021-12-21 11:33:20.443root 11241100x8000000000000000540045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c738e5342eba40822021-12-21 11:33:20.443root 11241100x8000000000000000540046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84dcc7e8c67b16302021-12-21 11:33:20.443root 11241100x8000000000000000540047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b318f546211ad0422021-12-21 11:33:20.443root 11241100x8000000000000000540048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277d87c96abd4e7a2021-12-21 11:33:20.443root 11241100x8000000000000000540049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a963b77e455189b72021-12-21 11:33:20.443root 11241100x8000000000000000540050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b575a10d5089a54f2021-12-21 11:33:20.443root 11241100x8000000000000000540051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fa13483fee71372021-12-21 11:33:20.443root 11241100x8000000000000000540052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6502dab13040fb02021-12-21 11:33:20.444root 11241100x8000000000000000540053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414eb69adf955c6e2021-12-21 11:33:20.444root 11241100x8000000000000000540054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f8e6b30e52c61b2021-12-21 11:33:20.943root 11241100x8000000000000000540055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb468cc03902f222021-12-21 11:33:20.943root 11241100x8000000000000000540056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a522c4e297b5f4a72021-12-21 11:33:20.943root 11241100x8000000000000000540057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb648de19d071102021-12-21 11:33:20.943root 11241100x8000000000000000540058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56106b8e90cdfaee2021-12-21 11:33:20.943root 11241100x8000000000000000540059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca43c524512bb082021-12-21 11:33:20.943root 11241100x8000000000000000540060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bdbd7a70145ac82021-12-21 11:33:20.943root 11241100x8000000000000000540061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a3422cf607dc4a2021-12-21 11:33:20.943root 11241100x8000000000000000540062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99abbf8e23ce34832021-12-21 11:33:20.943root 11241100x8000000000000000540063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773fdd4211c5b91e2021-12-21 11:33:20.944root 11241100x8000000000000000540064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d767e237e68c942021-12-21 11:33:20.944root 11241100x8000000000000000540065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1410c4a8f01eda2021-12-21 11:33:20.944root 354300x8000000000000000540066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.202{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48714-false10.0.1.12-8000- 11241100x8000000000000000540067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199b9f9b58e13ada2021-12-21 11:33:21.203root 11241100x8000000000000000540068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8159cb03e0325c352021-12-21 11:33:21.203root 11241100x8000000000000000540069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f32e9ee648a4872021-12-21 11:33:21.203root 11241100x8000000000000000540070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b78273afa87e0e2021-12-21 11:33:21.203root 11241100x8000000000000000540071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b547e9c633c64a8b2021-12-21 11:33:21.203root 11241100x8000000000000000540072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea8a65686ddebac2021-12-21 11:33:21.203root 11241100x8000000000000000540073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2870da2672f549cc2021-12-21 11:33:21.203root 11241100x8000000000000000540074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62eae6c07e755f42021-12-21 11:33:21.203root 11241100x8000000000000000540075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06c02be521549f32021-12-21 11:33:21.203root 11241100x8000000000000000540076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81d75535edfdb682021-12-21 11:33:21.203root 11241100x8000000000000000540077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46bb6902bdffb6e2021-12-21 11:33:21.204root 11241100x8000000000000000540078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43eb87e56c038fe32021-12-21 11:33:21.204root 11241100x8000000000000000540079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520f1dceca7421782021-12-21 11:33:21.204root 11241100x8000000000000000540080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f18cb6889e17fd32021-12-21 11:33:21.693root 11241100x8000000000000000540081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ea2d926b5214e22021-12-21 11:33:21.693root 11241100x8000000000000000540082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87502a34dfdfcdb2021-12-21 11:33:21.693root 11241100x8000000000000000540083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90250f286c69810d2021-12-21 11:33:21.693root 11241100x8000000000000000540084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52ea29fb525f8942021-12-21 11:33:21.693root 11241100x8000000000000000540085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338668674c5f41572021-12-21 11:33:21.693root 11241100x8000000000000000540086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cea7fc52921e6b2021-12-21 11:33:21.693root 11241100x8000000000000000540087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23db2bd1c35581112021-12-21 11:33:21.693root 11241100x8000000000000000540088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cd6ad664afce9d2021-12-21 11:33:21.693root 11241100x8000000000000000540089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7fd5b71d581ce02021-12-21 11:33:21.694root 11241100x8000000000000000540090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c03c860e092d432021-12-21 11:33:21.694root 11241100x8000000000000000540091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29ddb2de2059dc72021-12-21 11:33:21.694root 11241100x8000000000000000540092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fca1cd57376c0292021-12-21 11:33:21.694root 154100x8000000000000000540093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.976{ec2b6afe-bb81-61c1-6854-39722c560000}9890/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000540094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449b9a440a49a1162021-12-21 11:33:21.977root 11241100x8000000000000000540095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567f41c4a46ca39b2021-12-21 11:33:21.978root 11241100x8000000000000000540096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5409a341cb3ac8632021-12-21 11:33:21.978root 11241100x8000000000000000540097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159c0470d831c55f2021-12-21 11:33:21.978root 11241100x8000000000000000540098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785cf12f71c076de2021-12-21 11:33:21.979root 11241100x8000000000000000540099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba4929ffb165a2e2021-12-21 11:33:21.979root 11241100x8000000000000000540100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6634102c47296872021-12-21 11:33:21.979root 11241100x8000000000000000540101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c775d4b7e1ef5552021-12-21 11:33:21.979root 11241100x8000000000000000540102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424e2ee8da360e9c2021-12-21 11:33:21.979root 11241100x8000000000000000540103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2b259e00f9b5012021-12-21 11:33:21.979root 11241100x8000000000000000540104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6944be75eb4380ab2021-12-21 11:33:21.979root 11241100x8000000000000000540105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.980{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80f0c4a81009b0c2021-12-21 11:33:21.980root 11241100x8000000000000000540106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:21.980{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda6c5d8e9b19a1f2021-12-21 11:33:21.980root 534500x8000000000000000540107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.000{ec2b6afe-bb81-61c1-6854-39722c560000}9890/bin/psroot 11241100x8000000000000000540108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033d4525a616b8842021-12-21 11:33:22.443root 11241100x8000000000000000540109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd699d994319e2af2021-12-21 11:33:22.443root 11241100x8000000000000000540110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77490653128ef9f72021-12-21 11:33:22.443root 11241100x8000000000000000540111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604e866aa3acba232021-12-21 11:33:22.443root 11241100x8000000000000000540112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f241725d7dda25e2021-12-21 11:33:22.444root 11241100x8000000000000000540113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33990c6bb8dad7862021-12-21 11:33:22.444root 11241100x8000000000000000540114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f0dfa7ed8464d72021-12-21 11:33:22.444root 11241100x8000000000000000540115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca216b5e862747032021-12-21 11:33:22.444root 11241100x8000000000000000540116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065d51e25cd5d0172021-12-21 11:33:22.444root 11241100x8000000000000000540117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8eaa78233f1e752021-12-21 11:33:22.444root 11241100x8000000000000000540118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf280da9665ff3f2021-12-21 11:33:22.444root 11241100x8000000000000000540119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e34ae85fe3376392021-12-21 11:33:22.444root 11241100x8000000000000000540120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25955ba5da7e5a492021-12-21 11:33:22.444root 11241100x8000000000000000540121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b0c286b072475a2021-12-21 11:33:22.445root 11241100x8000000000000000540122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b99258de59042f2021-12-21 11:33:22.445root 11241100x8000000000000000540123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9fdb4e3fa7ee742021-12-21 11:33:22.943root 11241100x8000000000000000540124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd4ca76f1e6c7cc2021-12-21 11:33:22.943root 11241100x8000000000000000540125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66429992061dd4032021-12-21 11:33:22.943root 11241100x8000000000000000540126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa64857d81fde6d2021-12-21 11:33:22.943root 11241100x8000000000000000540127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e17ddc5faea9d3c2021-12-21 11:33:22.943root 11241100x8000000000000000540128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ac1ffc9226e9422021-12-21 11:33:22.943root 11241100x8000000000000000540129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235d2cc74d36c2df2021-12-21 11:33:22.944root 11241100x8000000000000000540130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4704cbce62a75b162021-12-21 11:33:22.944root 11241100x8000000000000000540131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f909ed2887a298502021-12-21 11:33:22.944root 11241100x8000000000000000540132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1304e1886ffd94602021-12-21 11:33:22.944root 11241100x8000000000000000540133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa235e46c811c322021-12-21 11:33:22.944root 11241100x8000000000000000540134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e8b2b137f285162021-12-21 11:33:22.944root 11241100x8000000000000000540135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7f5bba90dd412e2021-12-21 11:33:22.944root 11241100x8000000000000000540136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c2f1e633d82e9b2021-12-21 11:33:22.944root 11241100x8000000000000000540137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d6130a38bb9ae72021-12-21 11:33:22.944root 11241100x8000000000000000540138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e2976ec9f3227d2021-12-21 11:33:23.443root 11241100x8000000000000000540139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b899cc2abf526b7d2021-12-21 11:33:23.443root 11241100x8000000000000000540140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14463b137f2caef32021-12-21 11:33:23.443root 11241100x8000000000000000540141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d1decf145f61712021-12-21 11:33:23.443root 11241100x8000000000000000540142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ece2cdbc21a0be2021-12-21 11:33:23.443root 11241100x8000000000000000540143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdb705207b2a3022021-12-21 11:33:23.444root 11241100x8000000000000000540144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0230bcc3eacd6b692021-12-21 11:33:23.444root 11241100x8000000000000000540145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59395edaab3566fe2021-12-21 11:33:23.444root 11241100x8000000000000000540146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7774cc7ee3ddad042021-12-21 11:33:23.444root 11241100x8000000000000000540147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33df2112ee5d24082021-12-21 11:33:23.444root 11241100x8000000000000000540148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bf27be7293ef142021-12-21 11:33:23.444root 11241100x8000000000000000540149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399fac6fb8e7bae02021-12-21 11:33:23.444root 11241100x8000000000000000540150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49031a8f0be5fdc2021-12-21 11:33:23.444root 11241100x8000000000000000540151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cc15b9eb4a57fa2021-12-21 11:33:23.444root 11241100x8000000000000000540152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8d216f5073592c2021-12-21 11:33:23.445root 11241100x8000000000000000540153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95e7988a5c37f052021-12-21 11:33:23.943root 11241100x8000000000000000540154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06db74f763881812021-12-21 11:33:23.943root 11241100x8000000000000000540155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9239d4f5de45b9582021-12-21 11:33:23.943root 11241100x8000000000000000540156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cda9cad308dec892021-12-21 11:33:23.943root 11241100x8000000000000000540157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db6bb61fcb9d47e2021-12-21 11:33:23.943root 11241100x8000000000000000540158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa43a2bf29a054a2021-12-21 11:33:23.944root 11241100x8000000000000000540159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1828f787013d7392021-12-21 11:33:23.944root 11241100x8000000000000000540160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0599ef457680e34c2021-12-21 11:33:23.944root 11241100x8000000000000000540161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9477a04051dac00b2021-12-21 11:33:23.944root 11241100x8000000000000000540162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c1a782721225b22021-12-21 11:33:23.944root 11241100x8000000000000000540163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9149d6219b7a3af2021-12-21 11:33:23.944root 11241100x8000000000000000540164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2aceb1fa50c8bd2021-12-21 11:33:23.944root 11241100x8000000000000000540165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8106f2c603712b0c2021-12-21 11:33:23.944root 11241100x8000000000000000540166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446ebea3bb1282da2021-12-21 11:33:23.944root 11241100x8000000000000000540167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9d0c0372f8af662021-12-21 11:33:23.944root 11241100x8000000000000000540168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee17e7308c5b73f82021-12-21 11:33:24.443root 11241100x8000000000000000540169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36803aa3e8f8e612021-12-21 11:33:24.443root 11241100x8000000000000000540170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017cbd622b373c0e2021-12-21 11:33:24.443root 11241100x8000000000000000540171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2c95fb009abf0e2021-12-21 11:33:24.443root 11241100x8000000000000000540172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d405d426bb63782021-12-21 11:33:24.443root 11241100x8000000000000000540173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4903a98e11943d2021-12-21 11:33:24.444root 11241100x8000000000000000540174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabc8be8d2b7e21d2021-12-21 11:33:24.444root 11241100x8000000000000000540175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fc681ecbdb86022021-12-21 11:33:24.444root 11241100x8000000000000000540176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3e9a9844740c082021-12-21 11:33:24.444root 11241100x8000000000000000540177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bd1401f63af9b32021-12-21 11:33:24.444root 11241100x8000000000000000540178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d7dde59a3a62c42021-12-21 11:33:24.444root 11241100x8000000000000000540179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d4e2a87115eb4f2021-12-21 11:33:24.444root 11241100x8000000000000000540180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8140e1aaf70a6e062021-12-21 11:33:24.444root 11241100x8000000000000000540181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcf7829b49e3dd42021-12-21 11:33:24.444root 11241100x8000000000000000540182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0b41648723835d2021-12-21 11:33:24.445root 11241100x8000000000000000540183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f36a95587f5abc12021-12-21 11:33:24.943root 11241100x8000000000000000540184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9169951b8f3de9122021-12-21 11:33:24.943root 11241100x8000000000000000540185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569924e40e28b7362021-12-21 11:33:24.943root 11241100x8000000000000000540186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460c102e806599b02021-12-21 11:33:24.943root 11241100x8000000000000000540187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f52a7b586e2f2602021-12-21 11:33:24.943root 11241100x8000000000000000540188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbf464617c875fc2021-12-21 11:33:24.943root 11241100x8000000000000000540189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16569a764c5fb6942021-12-21 11:33:24.943root 11241100x8000000000000000540190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b178d744a9a1f3c2021-12-21 11:33:24.944root 11241100x8000000000000000540191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49feb7a05f7815bb2021-12-21 11:33:24.944root 11241100x8000000000000000540192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2dfa1f15fadf7b2021-12-21 11:33:24.944root 11241100x8000000000000000540193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b83c9bcf23c9312021-12-21 11:33:24.944root 11241100x8000000000000000540194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f3af67098607632021-12-21 11:33:24.944root 11241100x8000000000000000540195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab5f76a345dc2d72021-12-21 11:33:24.944root 11241100x8000000000000000540196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f414723e991d83d82021-12-21 11:33:24.944root 11241100x8000000000000000540197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ecc515c0fee39b2021-12-21 11:33:24.944root 11241100x8000000000000000540198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a840f797862b1a852021-12-21 11:33:25.443root 11241100x8000000000000000540199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7af25d54afe13c2021-12-21 11:33:25.443root 11241100x8000000000000000540200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95ecbbe03daf7082021-12-21 11:33:25.443root 11241100x8000000000000000540201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbe02993e1e8ed92021-12-21 11:33:25.443root 11241100x8000000000000000540202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67b9cabd8c4f54b2021-12-21 11:33:25.443root 11241100x8000000000000000540203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b68d189d6933192021-12-21 11:33:25.443root 11241100x8000000000000000540204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c988b47933866862021-12-21 11:33:25.443root 11241100x8000000000000000540205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e075624f8bc5662021-12-21 11:33:25.444root 11241100x8000000000000000540206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a79e068583465b2021-12-21 11:33:25.444root 11241100x8000000000000000540207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70db963dc54c75b2021-12-21 11:33:25.444root 11241100x8000000000000000540208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd131d78c16b7252021-12-21 11:33:25.444root 11241100x8000000000000000540209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce27449151cdc052021-12-21 11:33:25.444root 11241100x8000000000000000540210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f3f98c462257632021-12-21 11:33:25.444root 11241100x8000000000000000540211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053a6d7cdc442fe92021-12-21 11:33:25.444root 11241100x8000000000000000540212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df92ef6911ea65032021-12-21 11:33:25.444root 354300x8000000000000000540213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.491{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-35780-false10.0.1.12-8089- 11241100x8000000000000000540214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4debd324da00b9292021-12-21 11:33:25.943root 11241100x8000000000000000540215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a49f5d1faf3b902021-12-21 11:33:25.943root 11241100x8000000000000000540216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbb004e1e48a9e52021-12-21 11:33:25.943root 11241100x8000000000000000540217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8ed7eafbe865d02021-12-21 11:33:25.943root 11241100x8000000000000000540218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2172301330ad5ca2021-12-21 11:33:25.943root 11241100x8000000000000000540219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c850589c38ede42021-12-21 11:33:25.943root 11241100x8000000000000000540220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a3146aa5a699952021-12-21 11:33:25.944root 11241100x8000000000000000540221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc5649feb5237582021-12-21 11:33:25.944root 11241100x8000000000000000540222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1388aec6da37fa682021-12-21 11:33:25.944root 11241100x8000000000000000540223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762e951e9aef86062021-12-21 11:33:25.944root 11241100x8000000000000000540224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e47e2ed525969d2021-12-21 11:33:25.944root 11241100x8000000000000000540225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11564b793fac0ce02021-12-21 11:33:25.944root 11241100x8000000000000000540226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ffb4f2bf3de9062021-12-21 11:33:25.944root 11241100x8000000000000000540227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595afc6dd2a334ee2021-12-21 11:33:25.944root 11241100x8000000000000000540228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c194783289d4b6a42021-12-21 11:33:25.944root 11241100x8000000000000000540229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fa761c7919f7472021-12-21 11:33:25.944root 11241100x8000000000000000540230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cc88cd85caf2092021-12-21 11:33:26.443root 11241100x8000000000000000540231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a26659c52c66ee2021-12-21 11:33:26.443root 11241100x8000000000000000540232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0921825664e52f32021-12-21 11:33:26.443root 11241100x8000000000000000540233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb4d0ef8f8b3e1c2021-12-21 11:33:26.443root 11241100x8000000000000000540234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ca4592452d59e42021-12-21 11:33:26.443root 11241100x8000000000000000540235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b6debc81e7f7e52021-12-21 11:33:26.443root 11241100x8000000000000000540236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d46a9b5687e4bd2021-12-21 11:33:26.443root 11241100x8000000000000000540237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5c25e92ad2dc182021-12-21 11:33:26.444root 11241100x8000000000000000540238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843e99333fbe4e1d2021-12-21 11:33:26.444root 11241100x8000000000000000540239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6505a3022680d52021-12-21 11:33:26.444root 11241100x8000000000000000540240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed901f7346266f952021-12-21 11:33:26.444root 11241100x8000000000000000540241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108899c4381fddd12021-12-21 11:33:26.444root 11241100x8000000000000000540242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4724a795b5f6eb752021-12-21 11:33:26.444root 11241100x8000000000000000540243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47154ba0cb715fda2021-12-21 11:33:26.444root 11241100x8000000000000000540244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd285e02dc2aee72021-12-21 11:33:26.444root 11241100x8000000000000000540245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065be762d615a9042021-12-21 11:33:26.444root 11241100x8000000000000000540246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d423a432af327e292021-12-21 11:33:26.943root 11241100x8000000000000000540247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9106c9cbee8e838b2021-12-21 11:33:26.943root 11241100x8000000000000000540248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4340a539280a7b2021-12-21 11:33:26.943root 11241100x8000000000000000540249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe66b6a74b63f5f2021-12-21 11:33:26.943root 11241100x8000000000000000540250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d36159ceba6e102021-12-21 11:33:26.943root 11241100x8000000000000000540251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de056739819f1012021-12-21 11:33:26.943root 11241100x8000000000000000540252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455848251f3a9c192021-12-21 11:33:26.943root 11241100x8000000000000000540253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f279ebc61571e062021-12-21 11:33:26.944root 11241100x8000000000000000540254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17091f0e0e06e0822021-12-21 11:33:26.944root 11241100x8000000000000000540255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701900332740b9b32021-12-21 11:33:26.944root 11241100x8000000000000000540256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc6c84e66f97cfe2021-12-21 11:33:26.944root 11241100x8000000000000000540257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e720d3623279d72021-12-21 11:33:26.944root 11241100x8000000000000000540258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8146cec021229a62021-12-21 11:33:26.944root 11241100x8000000000000000540259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c34d45d22f9d002021-12-21 11:33:26.944root 11241100x8000000000000000540260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6defa8cc1c92ddd2021-12-21 11:33:26.944root 11241100x8000000000000000540261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf0b536c74aa5202021-12-21 11:33:26.944root 354300x8000000000000000540262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.106{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48718-false10.0.1.12-8000- 11241100x8000000000000000540263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66120a5e155b51762021-12-21 11:33:27.443root 11241100x8000000000000000540264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e1b88fae74ae6f2021-12-21 11:33:27.443root 11241100x8000000000000000540265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fdd412768d67d512021-12-21 11:33:27.443root 11241100x8000000000000000540266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ac18b8b6d7fbe02021-12-21 11:33:27.443root 11241100x8000000000000000540267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a251b06db5cd7b22021-12-21 11:33:27.443root 11241100x8000000000000000540268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5f1c14a3abf5522021-12-21 11:33:27.444root 11241100x8000000000000000540269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89586376cea12ac92021-12-21 11:33:27.444root 11241100x8000000000000000540270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169bf9926e664bff2021-12-21 11:33:27.444root 11241100x8000000000000000540271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3d06d0759e06092021-12-21 11:33:27.444root 11241100x8000000000000000540272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b68c3078ee6fabf2021-12-21 11:33:27.444root 11241100x8000000000000000540273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a850b51ba0df472021-12-21 11:33:27.444root 11241100x8000000000000000540274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff68b44d2af911b2021-12-21 11:33:27.444root 11241100x8000000000000000540275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7048c87deaf3c3612021-12-21 11:33:27.444root 11241100x8000000000000000540276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb637e3dc63c3292021-12-21 11:33:27.444root 11241100x8000000000000000540277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f46e6a6570b9752021-12-21 11:33:27.444root 11241100x8000000000000000540278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78de2d37d6de627b2021-12-21 11:33:27.444root 11241100x8000000000000000540279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962efbd1c4380fcf2021-12-21 11:33:27.444root 11241100x8000000000000000540280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24c5824e8d75ca12021-12-21 11:33:27.943root 11241100x8000000000000000540281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726f1eef45630af92021-12-21 11:33:27.943root 11241100x8000000000000000540282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6a7f247db60d7c2021-12-21 11:33:27.943root 11241100x8000000000000000540283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c05ca4e6b791122021-12-21 11:33:27.943root 11241100x8000000000000000540284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc94d20f5568a6a02021-12-21 11:33:27.943root 11241100x8000000000000000540285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b392665e1a66d81a2021-12-21 11:33:27.944root 11241100x8000000000000000540286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfb0a34ff960f642021-12-21 11:33:27.944root 11241100x8000000000000000540287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b5b47063522cba2021-12-21 11:33:27.944root 11241100x8000000000000000540288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af474a8180cd153d2021-12-21 11:33:27.944root 11241100x8000000000000000540289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aec329ef3b4eddf2021-12-21 11:33:27.944root 11241100x8000000000000000540290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4e15c557cce4ae2021-12-21 11:33:27.944root 11241100x8000000000000000540291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98664082016e7eb12021-12-21 11:33:27.944root 11241100x8000000000000000540292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490387f0654bf98c2021-12-21 11:33:27.944root 11241100x8000000000000000540293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29651fe5ee61b6012021-12-21 11:33:27.944root 11241100x8000000000000000540294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb63d86356d62332021-12-21 11:33:27.944root 11241100x8000000000000000540295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4905715a7928602021-12-21 11:33:27.944root 11241100x8000000000000000540296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8518ae1249a634b42021-12-21 11:33:27.944root 11241100x8000000000000000540297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8537c6728f8717cf2021-12-21 11:33:28.443root 11241100x8000000000000000540298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76e4653d58c007a2021-12-21 11:33:28.443root 11241100x8000000000000000540299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4445efcc214741a2021-12-21 11:33:28.443root 11241100x8000000000000000540300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd59ad9c40f6fa72021-12-21 11:33:28.443root 11241100x8000000000000000540301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18168a36836dc64b2021-12-21 11:33:28.444root 11241100x8000000000000000540302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94742414e0c250d52021-12-21 11:33:28.444root 11241100x8000000000000000540303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5127bbb3b54b7e952021-12-21 11:33:28.444root 11241100x8000000000000000540304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90243631656f32d42021-12-21 11:33:28.444root 11241100x8000000000000000540305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed33c777734bb43f2021-12-21 11:33:28.444root 11241100x8000000000000000540306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77476ae21c32115a2021-12-21 11:33:28.444root 11241100x8000000000000000540307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa905b3cd5c48d6c2021-12-21 11:33:28.444root 11241100x8000000000000000540308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704117b7071ae7672021-12-21 11:33:28.444root 11241100x8000000000000000540309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce57bc86f06fb82d2021-12-21 11:33:28.444root 11241100x8000000000000000540310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e446f10d37ff7d9e2021-12-21 11:33:28.444root 11241100x8000000000000000540311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d9abf351b336012021-12-21 11:33:28.444root 11241100x8000000000000000540312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52ceea100e8f2572021-12-21 11:33:28.444root 11241100x8000000000000000540313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ec60bd26d03f4d2021-12-21 11:33:28.444root 11241100x8000000000000000540314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b049a262958cb1322021-12-21 11:33:28.943root 11241100x8000000000000000540315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004aa14ef2dc59052021-12-21 11:33:28.943root 11241100x8000000000000000540316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b228906aec60a2292021-12-21 11:33:28.943root 11241100x8000000000000000540317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5e0892e92fd0ee2021-12-21 11:33:28.943root 11241100x8000000000000000540318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec04e0ea1b498022021-12-21 11:33:28.944root 11241100x8000000000000000540319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7206d57d47ba97f2021-12-21 11:33:28.944root 11241100x8000000000000000540320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a223239fc3f2544e2021-12-21 11:33:28.944root 11241100x8000000000000000540321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e889959dd7c2d64f2021-12-21 11:33:28.944root 11241100x8000000000000000540322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5d768a408949712021-12-21 11:33:28.944root 11241100x8000000000000000540323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728de015c71a662b2021-12-21 11:33:28.944root 11241100x8000000000000000540324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4262b8a2e12d83042021-12-21 11:33:28.944root 11241100x8000000000000000540325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd784d96128fc582021-12-21 11:33:28.944root 11241100x8000000000000000540326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d10b95c7f481c72021-12-21 11:33:28.944root 11241100x8000000000000000540327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917914f24cba68fd2021-12-21 11:33:28.944root 11241100x8000000000000000540328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9facaf5397c3743e2021-12-21 11:33:28.944root 11241100x8000000000000000540329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f27bc906aaac8f12021-12-21 11:33:28.944root 11241100x8000000000000000540330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137edfdd256862502021-12-21 11:33:28.944root 11241100x8000000000000000540331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e79433bafa39f422021-12-21 11:33:29.443root 11241100x8000000000000000540332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69439e46612ef5d22021-12-21 11:33:29.443root 11241100x8000000000000000540333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aaf613b135cbbde2021-12-21 11:33:29.443root 11241100x8000000000000000540334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb5d7686d4ec8ce2021-12-21 11:33:29.443root 11241100x8000000000000000540335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1713163e3619f44e2021-12-21 11:33:29.443root 11241100x8000000000000000540336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8462edaaabdc27b2021-12-21 11:33:29.444root 11241100x8000000000000000540337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985f6ad513a4ab6b2021-12-21 11:33:29.444root 11241100x8000000000000000540338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca8b85e86a7bea32021-12-21 11:33:29.444root 11241100x8000000000000000540339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc100aaec99a58c2021-12-21 11:33:29.444root 11241100x8000000000000000540340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837fc8587a60c0612021-12-21 11:33:29.444root 11241100x8000000000000000540341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1289c8bb3f37c1e2021-12-21 11:33:29.444root 11241100x8000000000000000540342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415686627e3168ca2021-12-21 11:33:29.444root 11241100x8000000000000000540343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc608761cadc76a2021-12-21 11:33:29.444root 11241100x8000000000000000540344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606e62fc2815f80c2021-12-21 11:33:29.444root 11241100x8000000000000000540345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e879fcd479ba1242021-12-21 11:33:29.444root 11241100x8000000000000000540346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.addd94b4cebd868a2021-12-21 11:33:29.444root 11241100x8000000000000000540347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7698db6840215a2021-12-21 11:33:29.444root 11241100x8000000000000000540348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f16b6c504bf07df2021-12-21 11:33:29.943root 11241100x8000000000000000540349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f990045a491ec3282021-12-21 11:33:29.943root 11241100x8000000000000000540350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d211e47fbb2787692021-12-21 11:33:29.943root 11241100x8000000000000000540351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91721761069b35842021-12-21 11:33:29.943root 11241100x8000000000000000540352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324724c92e8b101d2021-12-21 11:33:29.943root 11241100x8000000000000000540353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd756e2e78ebfe82021-12-21 11:33:29.943root 11241100x8000000000000000540354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74a755ec3b528f12021-12-21 11:33:29.944root 11241100x8000000000000000540355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be648e16f948f23f2021-12-21 11:33:29.944root 11241100x8000000000000000540356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffe941a5e2eed602021-12-21 11:33:29.944root 11241100x8000000000000000540357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92cd0adf7b57c8002021-12-21 11:33:29.944root 11241100x8000000000000000540358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45f8990b790f4c62021-12-21 11:33:29.944root 11241100x8000000000000000540359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fcf47497bbb4a42021-12-21 11:33:29.944root 11241100x8000000000000000540360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f524028ccd0363f02021-12-21 11:33:29.944root 11241100x8000000000000000540361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a469669103e7912021-12-21 11:33:29.944root 11241100x8000000000000000540362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4159d55f4f367772021-12-21 11:33:29.944root 11241100x8000000000000000540363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97ee3b2674cfa422021-12-21 11:33:29.944root 11241100x8000000000000000540364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcb3e5e15a5cb272021-12-21 11:33:29.944root 11241100x8000000000000000540365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa7b42db64551692021-12-21 11:33:30.443root 11241100x8000000000000000540366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a9ce25a67d665a2021-12-21 11:33:30.443root 11241100x8000000000000000540367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558fb2f7a0d8321b2021-12-21 11:33:30.443root 11241100x8000000000000000540368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5198e0bcaaae78c12021-12-21 11:33:30.443root 11241100x8000000000000000540369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78199e6cc49fb1fa2021-12-21 11:33:30.443root 11241100x8000000000000000540370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d0549f428f97342021-12-21 11:33:30.444root 11241100x8000000000000000540371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c25938c739f7b02021-12-21 11:33:30.444root 11241100x8000000000000000540372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1eada37336481fe2021-12-21 11:33:30.444root 11241100x8000000000000000540373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614b5349e8b49fa92021-12-21 11:33:30.444root 11241100x8000000000000000540374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d551187c04ce53922021-12-21 11:33:30.444root 11241100x8000000000000000540375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf07f8753f24363f2021-12-21 11:33:30.444root 11241100x8000000000000000540376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab793d189c8ac7f22021-12-21 11:33:30.444root 11241100x8000000000000000540377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326bdd394eb32e432021-12-21 11:33:30.444root 11241100x8000000000000000540378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2079ca98ab2336512021-12-21 11:33:30.444root 11241100x8000000000000000540379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651df1b9ea55e7742021-12-21 11:33:30.444root 11241100x8000000000000000540380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f21d9fc5fb60de2021-12-21 11:33:30.444root 11241100x8000000000000000540381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b25bab653a166a2021-12-21 11:33:30.444root 11241100x8000000000000000540382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1cb2b1c71fac652021-12-21 11:33:30.943root 11241100x8000000000000000540383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7257bbf34c746b2021-12-21 11:33:30.943root 11241100x8000000000000000540384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9d5473796bc4ba2021-12-21 11:33:30.943root 11241100x8000000000000000540385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01b0cb07c0372122021-12-21 11:33:30.943root 11241100x8000000000000000540386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b263be804ab937a92021-12-21 11:33:30.944root 11241100x8000000000000000540387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b809b4fc0afec4d72021-12-21 11:33:30.944root 11241100x8000000000000000540388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56957ed25bddcad2021-12-21 11:33:30.944root 11241100x8000000000000000540389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009f416933265bf72021-12-21 11:33:30.944root 11241100x8000000000000000540390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4981e7087ec93ec02021-12-21 11:33:30.944root 11241100x8000000000000000540391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4b95f152302dcf2021-12-21 11:33:30.944root 11241100x8000000000000000540392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbe121d5320de782021-12-21 11:33:30.944root 11241100x8000000000000000540393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b0fc1bb7ceca592021-12-21 11:33:30.944root 11241100x8000000000000000540394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f5c4231dde5bdb2021-12-21 11:33:30.944root 11241100x8000000000000000540395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9874d6a5c6e61e2e2021-12-21 11:33:30.944root 11241100x8000000000000000540396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18705b95965a900d2021-12-21 11:33:30.944root 11241100x8000000000000000540397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9ccdedbf8ab2862021-12-21 11:33:30.944root 11241100x8000000000000000540398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a6f6cd0f094d8e2021-12-21 11:33:30.944root 11241100x8000000000000000540399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fc2790d23608062021-12-21 11:33:31.443root 11241100x8000000000000000540400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9aaff752c6f7082021-12-21 11:33:31.443root 11241100x8000000000000000540401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910a6b07b710e2a22021-12-21 11:33:31.443root 11241100x8000000000000000540402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f030c556031cd912021-12-21 11:33:31.443root 11241100x8000000000000000540403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15551c94b062adf52021-12-21 11:33:31.443root 11241100x8000000000000000540404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641074e4db293d8a2021-12-21 11:33:31.444root 11241100x8000000000000000540405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e110e167468266d2021-12-21 11:33:31.444root 11241100x8000000000000000540406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218b7dd1c795b5a62021-12-21 11:33:31.444root 11241100x8000000000000000540407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18bf720857ed4352021-12-21 11:33:31.444root 11241100x8000000000000000540408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3277ae25c65466dd2021-12-21 11:33:31.444root 11241100x8000000000000000540409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cfe3dab7d546762021-12-21 11:33:31.444root 11241100x8000000000000000540410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215add2db4566b242021-12-21 11:33:31.444root 11241100x8000000000000000540411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3768e51791363f402021-12-21 11:33:31.444root 11241100x8000000000000000540412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583b6a73efc285652021-12-21 11:33:31.444root 11241100x8000000000000000540413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c736dc1bf9ab9502021-12-21 11:33:31.444root 11241100x8000000000000000540414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce5b19dfb88d8852021-12-21 11:33:31.444root 11241100x8000000000000000540415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed8ebdb73e499de2021-12-21 11:33:31.444root 11241100x8000000000000000540416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2a773aa21f3baf2021-12-21 11:33:31.943root 11241100x8000000000000000540417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561714ce80540a5b2021-12-21 11:33:31.943root 11241100x8000000000000000540418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47ce9b3d73b4e9d2021-12-21 11:33:31.943root 11241100x8000000000000000540419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45aae4cb5ca9d2812021-12-21 11:33:31.943root 11241100x8000000000000000540420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed21d95886f78072021-12-21 11:33:31.943root 11241100x8000000000000000540421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786522752f65ffb52021-12-21 11:33:31.943root 11241100x8000000000000000540422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5afe433818ff8d2021-12-21 11:33:31.944root 11241100x8000000000000000540423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e06ca4368da5992021-12-21 11:33:31.944root 11241100x8000000000000000540424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec137819a5ecbc492021-12-21 11:33:31.944root 11241100x8000000000000000540425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9019da3c0dd962122021-12-21 11:33:31.944root 11241100x8000000000000000540426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef70bcc4dc0a77102021-12-21 11:33:31.944root 11241100x8000000000000000540427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0a4d6810b90ab92021-12-21 11:33:31.944root 11241100x8000000000000000540428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a541192d1bd6daa2021-12-21 11:33:31.944root 11241100x8000000000000000540429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcc5c4700003f8e2021-12-21 11:33:31.944root 11241100x8000000000000000540430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6749f24aeb92cd332021-12-21 11:33:31.944root 11241100x8000000000000000540431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca74f149a367bfd2021-12-21 11:33:31.944root 11241100x8000000000000000540432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439389abbf71d1c42021-12-21 11:33:31.944root 11241100x8000000000000000540433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48aa55f2d79470a02021-12-21 11:33:32.443root 11241100x8000000000000000540434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e03013ccd261532021-12-21 11:33:32.443root 11241100x8000000000000000540435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc6abe54d3f4a052021-12-21 11:33:32.443root 11241100x8000000000000000540436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0813b35818bea7b22021-12-21 11:33:32.443root 11241100x8000000000000000540437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674128084690290c2021-12-21 11:33:32.443root 11241100x8000000000000000540438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871840eb447a8a8f2021-12-21 11:33:32.444root 11241100x8000000000000000540439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cddb40076384292021-12-21 11:33:32.444root 11241100x8000000000000000540440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc49b7e2d444383f2021-12-21 11:33:32.444root 11241100x8000000000000000540441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7501abe882dfbb752021-12-21 11:33:32.444root 11241100x8000000000000000540442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fcb201c129b37e2021-12-21 11:33:32.444root 11241100x8000000000000000540443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64a20812910a2f12021-12-21 11:33:32.444root 11241100x8000000000000000540444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfd33ca4b8bad752021-12-21 11:33:32.444root 11241100x8000000000000000540445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabeecf2f1febe4e2021-12-21 11:33:32.444root 11241100x8000000000000000540446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0fe7c690fdcd8b2021-12-21 11:33:32.444root 11241100x8000000000000000540447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db491b810e348e8d2021-12-21 11:33:32.444root 11241100x8000000000000000540448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c0d83749de20eb2021-12-21 11:33:32.444root 11241100x8000000000000000540449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec0e95484e7fd7f2021-12-21 11:33:32.444root 11241100x8000000000000000540450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5eedb9e1116ca12021-12-21 11:33:32.943root 11241100x8000000000000000540451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf8b7df5aa6835c2021-12-21 11:33:32.943root 11241100x8000000000000000540452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092cacc5ef958d032021-12-21 11:33:32.943root 11241100x8000000000000000540453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77978623f35bffc32021-12-21 11:33:32.943root 11241100x8000000000000000540454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498223e575b79bea2021-12-21 11:33:32.943root 11241100x8000000000000000540455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e83adcce26f3bb2021-12-21 11:33:32.944root 11241100x8000000000000000540456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c3a6a77f424ab22021-12-21 11:33:32.944root 11241100x8000000000000000540457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d37bc4d8977f792021-12-21 11:33:32.944root 11241100x8000000000000000540458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c6a31aac93b8b32021-12-21 11:33:32.944root 11241100x8000000000000000540459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b996cf6be0db7c22021-12-21 11:33:32.944root 11241100x8000000000000000540460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28827d57dbc65a02021-12-21 11:33:32.944root 11241100x8000000000000000540461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71b358adb9d385c2021-12-21 11:33:32.944root 11241100x8000000000000000540462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e7c893615e5fd82021-12-21 11:33:32.944root 11241100x8000000000000000540463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fe1984bb88ba2e2021-12-21 11:33:32.944root 11241100x8000000000000000540464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e72377bbfbbadf2021-12-21 11:33:32.944root 11241100x8000000000000000540465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e1e319c6d89e262021-12-21 11:33:32.944root 11241100x8000000000000000540466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbaf3076926611c62021-12-21 11:33:32.944root 354300x8000000000000000540467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.016{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48720-false10.0.1.12-8000- 11241100x8000000000000000540468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b6fc6e022a83cb2021-12-21 11:33:33.443root 11241100x8000000000000000540469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a228bcdba22fc3852021-12-21 11:33:33.443root 11241100x8000000000000000540470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee632b3f07fca562021-12-21 11:33:33.444root 11241100x8000000000000000540471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1dfb03210b7f80e2021-12-21 11:33:33.444root 11241100x8000000000000000540472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56246d32c5cdc7d02021-12-21 11:33:33.444root 11241100x8000000000000000540473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea90aab1fe04f5a2021-12-21 11:33:33.444root 11241100x8000000000000000540474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcebe725b6d23bcf2021-12-21 11:33:33.444root 11241100x8000000000000000540475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42055d95f01a3e782021-12-21 11:33:33.444root 11241100x8000000000000000540476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c6b0e7b71700382021-12-21 11:33:33.445root 11241100x8000000000000000540477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb509b1002e49b12021-12-21 11:33:33.445root 11241100x8000000000000000540478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e7111d80d95cb92021-12-21 11:33:33.445root 11241100x8000000000000000540479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d067dcc85a15e552021-12-21 11:33:33.445root 11241100x8000000000000000540480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c860dd0ceec49ec2021-12-21 11:33:33.445root 11241100x8000000000000000540481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b75786011a8ba572021-12-21 11:33:33.445root 11241100x8000000000000000540482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e926c2782d7f65092021-12-21 11:33:33.445root 11241100x8000000000000000540483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2be646f549568922021-12-21 11:33:33.445root 11241100x8000000000000000540484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6a70ca7e33ede22021-12-21 11:33:33.445root 11241100x8000000000000000540485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6ba4083971d1492021-12-21 11:33:33.445root 11241100x8000000000000000540486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d503bce5ce6c4062021-12-21 11:33:33.943root 11241100x8000000000000000540487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d9f6201a7cfe8a2021-12-21 11:33:33.943root 11241100x8000000000000000540488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62053fb2c9e3f26c2021-12-21 11:33:33.943root 11241100x8000000000000000540489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfea590bd35bd0692021-12-21 11:33:33.944root 11241100x8000000000000000540490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdc5fa64b0db4872021-12-21 11:33:33.944root 11241100x8000000000000000540491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced664d048cc33f22021-12-21 11:33:33.944root 11241100x8000000000000000540492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216eb49de3d6bc7b2021-12-21 11:33:33.944root 11241100x8000000000000000540493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f62dbf81952a2202021-12-21 11:33:33.944root 11241100x8000000000000000540494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750f05e828bd94cb2021-12-21 11:33:33.944root 11241100x8000000000000000540495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f12bb829b03f012021-12-21 11:33:33.944root 11241100x8000000000000000540496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0860cce5311fe2682021-12-21 11:33:33.944root 11241100x8000000000000000540497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7706baad57eed4cc2021-12-21 11:33:33.944root 11241100x8000000000000000540498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891a6db56110f4902021-12-21 11:33:33.945root 11241100x8000000000000000540499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce82182bc3e682d2021-12-21 11:33:33.945root 11241100x8000000000000000540500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c9485a001586ae2021-12-21 11:33:33.945root 11241100x8000000000000000540501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac2da73ff0d2be62021-12-21 11:33:33.945root 11241100x8000000000000000540502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a389d41d19452c2021-12-21 11:33:33.945root 11241100x8000000000000000540503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c5410f9eef331d2021-12-21 11:33:33.945root 11241100x8000000000000000540504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35d7dde889ac5e92021-12-21 11:33:34.443root 11241100x8000000000000000540505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2336cc536a11faf2021-12-21 11:33:34.443root 11241100x8000000000000000540506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a9b6d9209b517f2021-12-21 11:33:34.443root 11241100x8000000000000000540507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda3bd8b9c6923282021-12-21 11:33:34.443root 11241100x8000000000000000540508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8b1e4c0ea4c4db2021-12-21 11:33:34.444root 11241100x8000000000000000540509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea491e996f045ba2021-12-21 11:33:34.444root 11241100x8000000000000000540510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e56d20d35f47ceb2021-12-21 11:33:34.444root 11241100x8000000000000000540511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2441d785d5f07b2021-12-21 11:33:34.444root 11241100x8000000000000000540512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7628c5efcac6bb562021-12-21 11:33:34.444root 11241100x8000000000000000540513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39d6171c52fa22d2021-12-21 11:33:34.444root 11241100x8000000000000000540514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45dbf3bf12e4c9ae2021-12-21 11:33:34.444root 11241100x8000000000000000540515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75ac86b50f2deb92021-12-21 11:33:34.444root 11241100x8000000000000000540516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb91b7018f665b192021-12-21 11:33:34.444root 11241100x8000000000000000540517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e15a03bc6fc7c42021-12-21 11:33:34.444root 11241100x8000000000000000540518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7cbfcd0f2bab2a2021-12-21 11:33:34.444root 11241100x8000000000000000540519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc2de9287f9ea282021-12-21 11:33:34.444root 11241100x8000000000000000540520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ff2d4f71638ef42021-12-21 11:33:34.444root 11241100x8000000000000000540521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd33c935bb2e712d2021-12-21 11:33:34.444root 11241100x8000000000000000540522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bd60b9e97af0a82021-12-21 11:33:34.943root 11241100x8000000000000000540523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557ea49a5ff5ab9e2021-12-21 11:33:34.943root 11241100x8000000000000000540524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c4f20373036b392021-12-21 11:33:34.943root 11241100x8000000000000000540525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5503a4fa6a74732021-12-21 11:33:34.943root 11241100x8000000000000000540526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5d9ec583a501912021-12-21 11:33:34.943root 11241100x8000000000000000540527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4869020fcc0b8a4e2021-12-21 11:33:34.944root 11241100x8000000000000000540528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bac65efd3cdabb2021-12-21 11:33:34.944root 11241100x8000000000000000540529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0021d677155c1712021-12-21 11:33:34.944root 11241100x8000000000000000540530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59880a8b93d4926f2021-12-21 11:33:34.944root 11241100x8000000000000000540531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b7b26f060ba4882021-12-21 11:33:34.944root 11241100x8000000000000000540532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31138b19e9fa69b2021-12-21 11:33:34.944root 11241100x8000000000000000540533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cbc0553d063bb92021-12-21 11:33:34.944root 11241100x8000000000000000540534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b3c204e2da482f2021-12-21 11:33:34.944root 11241100x8000000000000000540535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5c4951b95b4bda2021-12-21 11:33:34.944root 11241100x8000000000000000540536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26432f8c2e9794a2021-12-21 11:33:34.944root 11241100x8000000000000000540537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f42dc5aa80099092021-12-21 11:33:34.944root 11241100x8000000000000000540538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81613040c07a42ae2021-12-21 11:33:34.944root 11241100x8000000000000000540539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c1cbc007618e922021-12-21 11:33:34.944root 11241100x8000000000000000540540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9afbb0dcb010e82021-12-21 11:33:35.443root 11241100x8000000000000000540541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b1fcf7e4bede902021-12-21 11:33:35.443root 11241100x8000000000000000540542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec3e1394b4d87b72021-12-21 11:33:35.443root 11241100x8000000000000000540543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ca2b0f9e0eeb712021-12-21 11:33:35.443root 11241100x8000000000000000540544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fa87341a3a642e2021-12-21 11:33:35.443root 11241100x8000000000000000540545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648ad616ad62d94b2021-12-21 11:33:35.444root 11241100x8000000000000000540546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d3196098c8e6702021-12-21 11:33:35.444root 11241100x8000000000000000540547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565fda2f8f3889832021-12-21 11:33:35.444root 11241100x8000000000000000540548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067047f854ac164c2021-12-21 11:33:35.444root 11241100x8000000000000000540549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d29edd8f9ea2be2021-12-21 11:33:35.444root 11241100x8000000000000000540550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261496d13aa2c7772021-12-21 11:33:35.444root 11241100x8000000000000000540551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee0558dbf8027092021-12-21 11:33:35.444root 11241100x8000000000000000540552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9137de8d58c98a1f2021-12-21 11:33:35.444root 11241100x8000000000000000540553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c64958e8418a222021-12-21 11:33:35.444root 11241100x8000000000000000540554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a19c77619e7e132021-12-21 11:33:35.444root 11241100x8000000000000000540555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c134c0c8db3032e32021-12-21 11:33:35.444root 11241100x8000000000000000540556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b47ef042539df52021-12-21 11:33:35.444root 11241100x8000000000000000540557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daefcd2d012be7632021-12-21 11:33:35.444root 11241100x8000000000000000540558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d714e92d006ece922021-12-21 11:33:35.943root 11241100x8000000000000000540559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fdec381583df252021-12-21 11:33:35.943root 11241100x8000000000000000540560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e90f521da5a0862021-12-21 11:33:35.943root 11241100x8000000000000000540561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b91ee9beda4542f2021-12-21 11:33:35.943root 11241100x8000000000000000540562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb55360a87c41022021-12-21 11:33:35.943root 11241100x8000000000000000540563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e680adaa1a2e2d5f2021-12-21 11:33:35.944root 11241100x8000000000000000540564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643af9385b3ca1642021-12-21 11:33:35.944root 11241100x8000000000000000540565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aabb0ae132de2db2021-12-21 11:33:35.944root 11241100x8000000000000000540566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7934b16d134f70c12021-12-21 11:33:35.944root 11241100x8000000000000000540567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413dd0fa58c108822021-12-21 11:33:35.944root 11241100x8000000000000000540568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02e10f9d7ffbf752021-12-21 11:33:35.944root 11241100x8000000000000000540569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd88f31b174e5ae2021-12-21 11:33:35.944root 11241100x8000000000000000540570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43d2005562d68a32021-12-21 11:33:35.944root 11241100x8000000000000000540571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca44cd72315ff1962021-12-21 11:33:35.944root 11241100x8000000000000000540572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8d1ad06345e1fd2021-12-21 11:33:35.944root 11241100x8000000000000000540573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a16151ef94871962021-12-21 11:33:35.944root 11241100x8000000000000000540574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49831c54f8e6f7572021-12-21 11:33:35.944root 11241100x8000000000000000540575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24840766e891c242021-12-21 11:33:35.944root 11241100x8000000000000000540576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.326{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:33:36.326root 11241100x8000000000000000540577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683c0e74e89f393a2021-12-21 11:33:36.327root 11241100x8000000000000000540578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06372f44f8187182021-12-21 11:33:36.327root 11241100x8000000000000000540579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f7457e8d108e452021-12-21 11:33:36.327root 11241100x8000000000000000540580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca8fb92377b785c2021-12-21 11:33:36.327root 11241100x8000000000000000540581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08df42781564844b2021-12-21 11:33:36.327root 11241100x8000000000000000540582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2798865dcb6f0fde2021-12-21 11:33:36.328root 11241100x8000000000000000540583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6767715ea049672021-12-21 11:33:36.328root 11241100x8000000000000000540584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1844c8366a518f432021-12-21 11:33:36.328root 11241100x8000000000000000540585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285967b58c37581d2021-12-21 11:33:36.328root 11241100x8000000000000000540586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa468261e976ab712021-12-21 11:33:36.328root 11241100x8000000000000000540587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7deda6b4e0577c62021-12-21 11:33:36.328root 11241100x8000000000000000540588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffde6c79c54ef7892021-12-21 11:33:36.328root 11241100x8000000000000000540589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75b780f0718ec992021-12-21 11:33:36.328root 11241100x8000000000000000540590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc70194148037772021-12-21 11:33:36.328root 11241100x8000000000000000540591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2c03af2da975fa2021-12-21 11:33:36.328root 11241100x8000000000000000540592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f0684b7fd30a632021-12-21 11:33:36.329root 11241100x8000000000000000540593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6d85f972962d932021-12-21 11:33:36.329root 11241100x8000000000000000540594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47494959abc4691a2021-12-21 11:33:36.329root 11241100x8000000000000000540595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380dc6edfa9e12fb2021-12-21 11:33:36.329root 11241100x8000000000000000540596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cfbf3b87f8d70c2021-12-21 11:33:36.693root 11241100x8000000000000000540597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7372eb1d76901e2021-12-21 11:33:36.693root 11241100x8000000000000000540598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7345b6d50e048e2021-12-21 11:33:36.693root 11241100x8000000000000000540599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666fdd0a7217c7cd2021-12-21 11:33:36.693root 11241100x8000000000000000540600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc259a4b21926eac2021-12-21 11:33:36.693root 11241100x8000000000000000540601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c92274409625c52021-12-21 11:33:36.694root 11241100x8000000000000000540602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a38ffce7b1a7852021-12-21 11:33:36.694root 11241100x8000000000000000540603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e11293a8dc577bc2021-12-21 11:33:36.694root 11241100x8000000000000000540604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbaf43a4ccc15ae2021-12-21 11:33:36.694root 11241100x8000000000000000540605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e73727f51e9dd2a2021-12-21 11:33:36.694root 11241100x8000000000000000540606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d2c56781f6637d2021-12-21 11:33:36.694root 11241100x8000000000000000540607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd8f8c65eddb3532021-12-21 11:33:36.694root 11241100x8000000000000000540608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dde83aa1d3828182021-12-21 11:33:36.694root 11241100x8000000000000000540609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0c95c7d946ccbc2021-12-21 11:33:36.694root 11241100x8000000000000000540610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e18a51bc56f3512021-12-21 11:33:36.694root 11241100x8000000000000000540611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64730d2121ff5a12021-12-21 11:33:36.694root 11241100x8000000000000000540612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40de12702a525662021-12-21 11:33:36.694root 11241100x8000000000000000540613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2de90e3ffb97ed42021-12-21 11:33:36.694root 11241100x8000000000000000540614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5f6b7504a8712c2021-12-21 11:33:36.694root 11241100x8000000000000000540615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f774c5320d5e8f722021-12-21 11:33:37.193root 11241100x8000000000000000540616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7521bdd2d17cec32021-12-21 11:33:37.193root 11241100x8000000000000000540617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4028cb4005ad4a7d2021-12-21 11:33:37.193root 11241100x8000000000000000540618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878ccf6ba61c91eb2021-12-21 11:33:37.193root 11241100x8000000000000000540619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e04e2fdcb74f4e02021-12-21 11:33:37.193root 11241100x8000000000000000540620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d786044bdbcb2f02021-12-21 11:33:37.194root 11241100x8000000000000000540621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515c2c2a4bcc024d2021-12-21 11:33:37.194root 11241100x8000000000000000540622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381968f55b7e5a422021-12-21 11:33:37.194root 11241100x8000000000000000540623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe662aeb75702c532021-12-21 11:33:37.194root 11241100x8000000000000000540624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bc5d9ea67acf352021-12-21 11:33:37.194root 11241100x8000000000000000540625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e89466b5aa19a52021-12-21 11:33:37.194root 11241100x8000000000000000540626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f8ad6a4cf52fbf2021-12-21 11:33:37.194root 11241100x8000000000000000540627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4303e9e7bc13a32021-12-21 11:33:37.194root 11241100x8000000000000000540628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf5e7c3781c21432021-12-21 11:33:37.194root 11241100x8000000000000000540629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b238cd50360d2a212021-12-21 11:33:37.194root 11241100x8000000000000000540630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db16a54684150f902021-12-21 11:33:37.194root 11241100x8000000000000000540631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6817e514a203d2362021-12-21 11:33:37.194root 11241100x8000000000000000540632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed87881c7eb9f9c2021-12-21 11:33:37.194root 11241100x8000000000000000540633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3f801ed3334bf62021-12-21 11:33:37.194root 11241100x8000000000000000540634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705abe512ff85dd42021-12-21 11:33:37.693root 11241100x8000000000000000540635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67074c9beab385262021-12-21 11:33:37.693root 11241100x8000000000000000540636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51511d30b7f63f02021-12-21 11:33:37.693root 11241100x8000000000000000540637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edeb558ac947ce72021-12-21 11:33:37.693root 11241100x8000000000000000540638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8700b47b8cc376b12021-12-21 11:33:37.693root 11241100x8000000000000000540639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376331b9c57ec6ba2021-12-21 11:33:37.694root 11241100x8000000000000000540640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4913d494a59cc7412021-12-21 11:33:37.694root 11241100x8000000000000000540641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807899fef21519c72021-12-21 11:33:37.694root 11241100x8000000000000000540642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e638712762cee102021-12-21 11:33:37.694root 11241100x8000000000000000540643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cebd3dec591f7072021-12-21 11:33:37.694root 11241100x8000000000000000540644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddf2073095a8a922021-12-21 11:33:37.694root 11241100x8000000000000000540645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838c6804faf806122021-12-21 11:33:37.694root 11241100x8000000000000000540646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7b2487dbc1472e2021-12-21 11:33:37.694root 11241100x8000000000000000540647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3678154ece468652021-12-21 11:33:37.694root 11241100x8000000000000000540648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a985903d788ad0d72021-12-21 11:33:37.694root 11241100x8000000000000000540649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd56b10b22c59d72021-12-21 11:33:37.694root 11241100x8000000000000000540650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6c74eed0d08e6e2021-12-21 11:33:37.694root 11241100x8000000000000000540651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7e86aa84506f4c2021-12-21 11:33:37.694root 11241100x8000000000000000540652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9123f4c86e1e882021-12-21 11:33:37.694root 11241100x8000000000000000540653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed433db1e3f00082021-12-21 11:33:38.193root 11241100x8000000000000000540654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821b7e5d896a6e002021-12-21 11:33:38.193root 11241100x8000000000000000540655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca28dbdeb8c228012021-12-21 11:33:38.193root 11241100x8000000000000000540656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3175d2a73f53fecc2021-12-21 11:33:38.193root 11241100x8000000000000000540657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b62b98148c02242021-12-21 11:33:38.193root 11241100x8000000000000000540658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f9a66e2ea260932021-12-21 11:33:38.194root 11241100x8000000000000000540659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b05fc136a216552021-12-21 11:33:38.194root 11241100x8000000000000000540660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943361700d6863602021-12-21 11:33:38.194root 11241100x8000000000000000540661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c287f8f482a7022021-12-21 11:33:38.194root 11241100x8000000000000000540662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65b2f9cc226c3f12021-12-21 11:33:38.194root 11241100x8000000000000000540663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87730d1dd5509bf12021-12-21 11:33:38.194root 11241100x8000000000000000540664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebc44e058cdc8f22021-12-21 11:33:38.194root 11241100x8000000000000000540665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ea64c23e91c6472021-12-21 11:33:38.194root 11241100x8000000000000000540666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ee6bd088dee3122021-12-21 11:33:38.194root 11241100x8000000000000000540667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113bbfcad7c480bf2021-12-21 11:33:38.194root 11241100x8000000000000000540668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43635aecbdb899362021-12-21 11:33:38.194root 11241100x8000000000000000540669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c4940e218b3d9f2021-12-21 11:33:38.194root 11241100x8000000000000000540670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844e7fecfc21aeeb2021-12-21 11:33:38.195root 11241100x8000000000000000540671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad62a5b888745f22021-12-21 11:33:38.195root 354300x8000000000000000540672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.197{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48722-false10.0.1.12-8000- 11241100x8000000000000000540673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3da79b9afb754572021-12-21 11:33:38.693root 11241100x8000000000000000540674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df328163fe9ae44c2021-12-21 11:33:38.693root 11241100x8000000000000000540675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34faeba32adcf09c2021-12-21 11:33:38.693root 11241100x8000000000000000540676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54aae38ec971afa22021-12-21 11:33:38.693root 11241100x8000000000000000540677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2d12d4134e32062021-12-21 11:33:38.694root 11241100x8000000000000000540678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6835acb790d357902021-12-21 11:33:38.694root 11241100x8000000000000000540679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a17c5cea7b18d412021-12-21 11:33:38.694root 11241100x8000000000000000540680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c6ade2ce623efc2021-12-21 11:33:38.694root 11241100x8000000000000000540681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d40a469aeb512822021-12-21 11:33:38.694root 11241100x8000000000000000540682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cff8818ef4299332021-12-21 11:33:38.694root 11241100x8000000000000000540683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e7514eedde7a4a2021-12-21 11:33:38.694root 11241100x8000000000000000540684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b29063e5fb25b9e2021-12-21 11:33:38.694root 11241100x8000000000000000540685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7836a0588f792d2021-12-21 11:33:38.694root 11241100x8000000000000000540686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb96e3b493bea732021-12-21 11:33:38.694root 11241100x8000000000000000540687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c53298f3ff5aba42021-12-21 11:33:38.694root 11241100x8000000000000000540688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0669acf00705f0a72021-12-21 11:33:38.694root 11241100x8000000000000000540689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8122e542df8d782021-12-21 11:33:38.694root 11241100x8000000000000000540690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4d7a3db8174a292021-12-21 11:33:38.694root 11241100x8000000000000000540691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6688c3fb77f0cc2021-12-21 11:33:38.694root 11241100x8000000000000000540692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08154c70718e36b82021-12-21 11:33:38.695root 11241100x8000000000000000540693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54218bc997581cea2021-12-21 11:33:39.193root 11241100x8000000000000000540694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd0cb7e1c1146c72021-12-21 11:33:39.193root 11241100x8000000000000000540695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd913027ae2700292021-12-21 11:33:39.193root 11241100x8000000000000000540696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7b2bae6bd0a10e2021-12-21 11:33:39.194root 11241100x8000000000000000540697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcaab0cce1492272021-12-21 11:33:39.194root 11241100x8000000000000000540698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff7fb25b1eb9b182021-12-21 11:33:39.194root 11241100x8000000000000000540699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954291ad13ff9bda2021-12-21 11:33:39.194root 11241100x8000000000000000540700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da94fc6db72cc2d12021-12-21 11:33:39.194root 11241100x8000000000000000540701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da254048dec7f9732021-12-21 11:33:39.194root 11241100x8000000000000000540702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c9e02bbe7be4c22021-12-21 11:33:39.194root 11241100x8000000000000000540703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd2bdb40d3c13312021-12-21 11:33:39.194root 11241100x8000000000000000540704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59745bd8567803bc2021-12-21 11:33:39.194root 11241100x8000000000000000540705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2ebac6da7d4a882021-12-21 11:33:39.194root 11241100x8000000000000000540706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636a65eff1e615b12021-12-21 11:33:39.194root 11241100x8000000000000000540707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7c3094c4cc4bf72021-12-21 11:33:39.194root 11241100x8000000000000000540708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9341e41d7e20a79b2021-12-21 11:33:39.195root 11241100x8000000000000000540709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81ca1993186f86d2021-12-21 11:33:39.195root 11241100x8000000000000000540710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16623ba1250727ec2021-12-21 11:33:39.195root 11241100x8000000000000000540711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b284eab642b2e522021-12-21 11:33:39.195root 11241100x8000000000000000540712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a01a08df86e2442021-12-21 11:33:39.195root 23542300x8000000000000000540713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.328{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000540714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74cf2cddc1d51bc2021-12-21 11:33:39.693root 11241100x8000000000000000540715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ad7c7c2535c2662021-12-21 11:33:39.693root 11241100x8000000000000000540716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32313efb46811dc32021-12-21 11:33:39.693root 11241100x8000000000000000540717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae523ef0c360cfa62021-12-21 11:33:39.694root 11241100x8000000000000000540718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3731dbc3beaa5752021-12-21 11:33:39.694root 11241100x8000000000000000540719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa47a876f16373a2021-12-21 11:33:39.694root 11241100x8000000000000000540720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1eead123bc3ad72021-12-21 11:33:39.694root 11241100x8000000000000000540721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf81a3702c177872021-12-21 11:33:39.694root 11241100x8000000000000000540722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4291e684071cfb1c2021-12-21 11:33:39.694root 11241100x8000000000000000540723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef8c5261963803b2021-12-21 11:33:39.694root 11241100x8000000000000000540724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dde1dc9e777bcbe2021-12-21 11:33:39.694root 11241100x8000000000000000540725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011ffc68068e49182021-12-21 11:33:39.694root 11241100x8000000000000000540726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bf76ac4e0b43322021-12-21 11:33:39.694root 11241100x8000000000000000540727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb69fc6ba228e272021-12-21 11:33:39.694root 11241100x8000000000000000540728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251619d64e4d828d2021-12-21 11:33:39.694root 11241100x8000000000000000540729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f57e2e456583732021-12-21 11:33:39.694root 11241100x8000000000000000540730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90874bbe90bce7ed2021-12-21 11:33:39.694root 11241100x8000000000000000540731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db09089be6a2aa0d2021-12-21 11:33:39.694root 11241100x8000000000000000540732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd92903a3a2794f2021-12-21 11:33:39.694root 11241100x8000000000000000540733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eb4aa19a9482ab2021-12-21 11:33:39.695root 11241100x8000000000000000540734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc940ecd70b9fec2021-12-21 11:33:39.695root 11241100x8000000000000000540735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d73f0fba57cd5a82021-12-21 11:33:40.193root 11241100x8000000000000000540736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b470037eb4d2fa2021-12-21 11:33:40.193root 11241100x8000000000000000540737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba84843966c68c652021-12-21 11:33:40.194root 11241100x8000000000000000540738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c1011dba0c69892021-12-21 11:33:40.194root 11241100x8000000000000000540739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96f9a4fecb873682021-12-21 11:33:40.194root 11241100x8000000000000000540740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64fdf15bf37e19e82021-12-21 11:33:40.194root 11241100x8000000000000000540741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7364963613f6e2f2021-12-21 11:33:40.194root 11241100x8000000000000000540742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e80c95a80ba56d82021-12-21 11:33:40.194root 11241100x8000000000000000540743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b1ecf75474d0d42021-12-21 11:33:40.194root 11241100x8000000000000000540744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0790d1627c0ee992021-12-21 11:33:40.194root 11241100x8000000000000000540745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09ca06090ef94842021-12-21 11:33:40.194root 11241100x8000000000000000540746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdc74f5c756b6bf2021-12-21 11:33:40.194root 11241100x8000000000000000540747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb3e35e846261e62021-12-21 11:33:40.194root 11241100x8000000000000000540748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cd2fbebe4eae0f2021-12-21 11:33:40.194root 11241100x8000000000000000540749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1790ab698673c5482021-12-21 11:33:40.194root 11241100x8000000000000000540750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e826a160ae32ce02021-12-21 11:33:40.194root 11241100x8000000000000000540751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de8c94d1383102e2021-12-21 11:33:40.194root 11241100x8000000000000000540752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c5ce9fef45dd8f2021-12-21 11:33:40.194root 11241100x8000000000000000540753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d7dfca45e252db2021-12-21 11:33:40.195root 11241100x8000000000000000540754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2659db792edcd62021-12-21 11:33:40.195root 11241100x8000000000000000540755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9351f45fb0872c5b2021-12-21 11:33:40.195root 11241100x8000000000000000540756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fa0e36cb8f44e12021-12-21 11:33:40.693root 11241100x8000000000000000540757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d3a7ee043d9c842021-12-21 11:33:40.693root 11241100x8000000000000000540758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c234efdbf6860b82021-12-21 11:33:40.694root 11241100x8000000000000000540759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b8e3599869e13a2021-12-21 11:33:40.694root 11241100x8000000000000000540760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22825b7ec9dac5632021-12-21 11:33:40.694root 11241100x8000000000000000540761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05b7f6329fd4bf42021-12-21 11:33:40.694root 11241100x8000000000000000540762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8542a70fded979e32021-12-21 11:33:40.694root 11241100x8000000000000000540763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ff79a9e71aa7422021-12-21 11:33:40.694root 11241100x8000000000000000540764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37bf59668a19d9e82021-12-21 11:33:40.694root 11241100x8000000000000000540765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898943c267adeca82021-12-21 11:33:40.694root 11241100x8000000000000000540766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31eaf8bbdc6777552021-12-21 11:33:40.695root 11241100x8000000000000000540767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71557b832b612922021-12-21 11:33:40.695root 11241100x8000000000000000540768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d257a3bc855cb2e2021-12-21 11:33:40.695root 11241100x8000000000000000540769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81866c9c57cb66242021-12-21 11:33:40.695root 11241100x8000000000000000540770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f763d5b9e8aa9fed2021-12-21 11:33:40.695root 11241100x8000000000000000540771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1102f8849240213c2021-12-21 11:33:40.695root 11241100x8000000000000000540772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7141c506355d212021-12-21 11:33:40.695root 11241100x8000000000000000540773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2301a53fdb860b52021-12-21 11:33:40.695root 11241100x8000000000000000540774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61170c9c47f8bc82021-12-21 11:33:40.696root 11241100x8000000000000000540775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b252d8ef9f95002021-12-21 11:33:40.696root 11241100x8000000000000000540776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8465f62d1553e3c12021-12-21 11:33:40.696root 11241100x8000000000000000540777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27b55bc1f6c4a4f2021-12-21 11:33:41.193root 11241100x8000000000000000540778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbd3bf3e496be872021-12-21 11:33:41.193root 11241100x8000000000000000540779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bd2827b12d23da2021-12-21 11:33:41.194root 11241100x8000000000000000540780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0778ff19c57cc1332021-12-21 11:33:41.194root 11241100x8000000000000000540781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f011bfe82c93cd2021-12-21 11:33:41.194root 11241100x8000000000000000540782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac628a0d2c693bea2021-12-21 11:33:41.194root 11241100x8000000000000000540783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62e870decf001c22021-12-21 11:33:41.194root 11241100x8000000000000000540784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7608fecfe16e1782021-12-21 11:33:41.194root 11241100x8000000000000000540785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2995d9a6ae3f4e922021-12-21 11:33:41.194root 11241100x8000000000000000540786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c547c7dbf95792182021-12-21 11:33:41.195root 11241100x8000000000000000540787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae48f52691d7139c2021-12-21 11:33:41.195root 11241100x8000000000000000540788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cc05bdc65c27d22021-12-21 11:33:41.195root 11241100x8000000000000000540789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8639153e74777052021-12-21 11:33:41.195root 11241100x8000000000000000540790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126563b3a9406a8d2021-12-21 11:33:41.195root 11241100x8000000000000000540791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbff2b4c4165e3cf2021-12-21 11:33:41.195root 11241100x8000000000000000540792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b798748bdd866fa12021-12-21 11:33:41.195root 11241100x8000000000000000540793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a113c4da5500d9fe2021-12-21 11:33:41.195root 11241100x8000000000000000540794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea393a6c229e93912021-12-21 11:33:41.196root 11241100x8000000000000000540795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af058379e7626b122021-12-21 11:33:41.196root 11241100x8000000000000000540796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b9fb0e8f03f0182021-12-21 11:33:41.196root 11241100x8000000000000000540797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254652252f824d122021-12-21 11:33:41.196root 11241100x8000000000000000540798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d07db1d7ab681352021-12-21 11:33:41.693root 11241100x8000000000000000540799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f611ed5b61aaafa72021-12-21 11:33:41.693root 11241100x8000000000000000540800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3d5f590ab080792021-12-21 11:33:41.694root 11241100x8000000000000000540801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0283f5524fc8fef2021-12-21 11:33:41.694root 11241100x8000000000000000540802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6ed880373512cd2021-12-21 11:33:41.694root 11241100x8000000000000000540803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1dda993d10d2f4a2021-12-21 11:33:41.694root 11241100x8000000000000000540804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59eff09b06b7818d2021-12-21 11:33:41.694root 11241100x8000000000000000540805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b21d8338c7404922021-12-21 11:33:41.694root 11241100x8000000000000000540806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bde8ba642a9cf62021-12-21 11:33:41.694root 11241100x8000000000000000540807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e968f766211439802021-12-21 11:33:41.694root 11241100x8000000000000000540808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3581c315fca5fc7f2021-12-21 11:33:41.694root 11241100x8000000000000000540809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6527a4fd2885baa32021-12-21 11:33:41.694root 11241100x8000000000000000540810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec35e03834804e92021-12-21 11:33:41.694root 11241100x8000000000000000540811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846e2561d02965232021-12-21 11:33:41.695root 11241100x8000000000000000540812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33129e191129d4ba2021-12-21 11:33:41.695root 11241100x8000000000000000540813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24956b8c3f247d2e2021-12-21 11:33:41.695root 11241100x8000000000000000540814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5607ac55d82cd1d2021-12-21 11:33:41.695root 11241100x8000000000000000540815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f6dc8d8ecf9b4a2021-12-21 11:33:41.695root 11241100x8000000000000000540816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665a21efcf68d1f12021-12-21 11:33:41.695root 11241100x8000000000000000540817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ff2014e9d796072021-12-21 11:33:41.696root 11241100x8000000000000000540818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6175d052d282fe2021-12-21 11:33:41.696root 11241100x8000000000000000540819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb67e641e841532a2021-12-21 11:33:42.193root 11241100x8000000000000000540820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d00494cbfab3612021-12-21 11:33:42.193root 11241100x8000000000000000540821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160c00e345e2c4972021-12-21 11:33:42.193root 11241100x8000000000000000540822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dd2434f151292e2021-12-21 11:33:42.194root 11241100x8000000000000000540823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2bc5d8a26bde832021-12-21 11:33:42.194root 11241100x8000000000000000540824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5253d51c42fecac22021-12-21 11:33:42.194root 11241100x8000000000000000540825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d89210293a79692021-12-21 11:33:42.194root 11241100x8000000000000000540826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0410813804037ab32021-12-21 11:33:42.194root 11241100x8000000000000000540827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6232684f2c7c2b2021-12-21 11:33:42.194root 11241100x8000000000000000540828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417918bdd53517fe2021-12-21 11:33:42.194root 11241100x8000000000000000540829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c91b6fea65110a72021-12-21 11:33:42.194root 11241100x8000000000000000540830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1f4bbf26f212dc2021-12-21 11:33:42.194root 11241100x8000000000000000540831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9527734dd490d82021-12-21 11:33:42.194root 11241100x8000000000000000540832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb5fe23dc590b352021-12-21 11:33:42.195root 11241100x8000000000000000540833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e2c29333059a9b2021-12-21 11:33:42.195root 11241100x8000000000000000540834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbaf6ca3cfa98a52021-12-21 11:33:42.195root 11241100x8000000000000000540835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce002eab6eb9f4652021-12-21 11:33:42.195root 11241100x8000000000000000540836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c080a66a3cfdb72021-12-21 11:33:42.195root 11241100x8000000000000000540837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9094890c6ece6312021-12-21 11:33:42.195root 11241100x8000000000000000540838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b364e047fea35742021-12-21 11:33:42.195root 11241100x8000000000000000540839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74427181976a932d2021-12-21 11:33:42.195root 11241100x8000000000000000540840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddad68d5bd43b0362021-12-21 11:33:42.693root 11241100x8000000000000000540841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1d63c0f435e6c62021-12-21 11:33:42.693root 11241100x8000000000000000540842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6ae4ad5961dc0a2021-12-21 11:33:42.693root 11241100x8000000000000000540843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9712f7ce49b1262021-12-21 11:33:42.693root 11241100x8000000000000000540844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f951d1334840b3b2021-12-21 11:33:42.694root 11241100x8000000000000000540845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d097893da3fac542021-12-21 11:33:42.694root 11241100x8000000000000000540846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d82441b3c7ad18e2021-12-21 11:33:42.694root 11241100x8000000000000000540847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d677afc8c40d2742021-12-21 11:33:42.694root 11241100x8000000000000000540848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf22cfd62db4011b2021-12-21 11:33:42.694root 11241100x8000000000000000540849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4609642d23cc7a2021-12-21 11:33:42.694root 11241100x8000000000000000540850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6100667a610e9b2021-12-21 11:33:42.694root 11241100x8000000000000000540851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860092062c3c76b12021-12-21 11:33:42.694root 11241100x8000000000000000540852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb47185f153b4a02021-12-21 11:33:42.694root 11241100x8000000000000000540853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97f40254c6049822021-12-21 11:33:42.694root 11241100x8000000000000000540854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfaa72116c5f1612021-12-21 11:33:42.695root 11241100x8000000000000000540855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f70c107a13190d52021-12-21 11:33:42.695root 11241100x8000000000000000540856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbdccb56415a09d2021-12-21 11:33:42.695root 11241100x8000000000000000540857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af48a6104e823ae82021-12-21 11:33:42.695root 11241100x8000000000000000540858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff187937d87f60e82021-12-21 11:33:42.695root 11241100x8000000000000000540859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c3240f66882ee82021-12-21 11:33:42.695root 11241100x8000000000000000540860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852c426176580ae42021-12-21 11:33:42.695root 11241100x8000000000000000540861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec445c03dbd5d5282021-12-21 11:33:43.193root 11241100x8000000000000000540862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c5d08b6afc215a2021-12-21 11:33:43.193root 11241100x8000000000000000540863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7231558245a4ae052021-12-21 11:33:43.193root 11241100x8000000000000000540864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23577d6ec765efb02021-12-21 11:33:43.194root 11241100x8000000000000000540865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54d77ed5ce6ccc22021-12-21 11:33:43.194root 11241100x8000000000000000540866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d702b286306d152021-12-21 11:33:43.194root 11241100x8000000000000000540867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7745af35e9a7a14e2021-12-21 11:33:43.194root 11241100x8000000000000000540868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7005f8f3edea252021-12-21 11:33:43.194root 11241100x8000000000000000540869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84281ab8049b30232021-12-21 11:33:43.194root 11241100x8000000000000000540870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef03a820c96895b2021-12-21 11:33:43.194root 11241100x8000000000000000540871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d152913361394c012021-12-21 11:33:43.194root 11241100x8000000000000000540872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e342fd3b0730e6f2021-12-21 11:33:43.194root 11241100x8000000000000000540873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb6af53f0f63c1b2021-12-21 11:33:43.194root 11241100x8000000000000000540874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934b3bb3dd176e992021-12-21 11:33:43.195root 11241100x8000000000000000540875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b8c0bb67e10af42021-12-21 11:33:43.195root 11241100x8000000000000000540876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6871da6f606aebd42021-12-21 11:33:43.195root 11241100x8000000000000000540877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad41c839679b6512021-12-21 11:33:43.195root 11241100x8000000000000000540878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7267a87eef39b1ad2021-12-21 11:33:43.195root 11241100x8000000000000000540879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbca3bdbebc4ad712021-12-21 11:33:43.195root 11241100x8000000000000000540880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7939516f83da96e12021-12-21 11:33:43.195root 11241100x8000000000000000540881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c9ed2f85f595da2021-12-21 11:33:43.196root 11241100x8000000000000000540882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74ea9db0c6611562021-12-21 11:33:43.693root 11241100x8000000000000000540883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f897d6096acd4cf2021-12-21 11:33:43.693root 11241100x8000000000000000540884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11d51c8009335d02021-12-21 11:33:43.693root 11241100x8000000000000000540885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f28987d788b9532021-12-21 11:33:43.694root 11241100x8000000000000000540886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a144f98ce0a5b2722021-12-21 11:33:43.694root 11241100x8000000000000000540887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a1b062e77670d22021-12-21 11:33:43.694root 11241100x8000000000000000540888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2336d20c35f9156f2021-12-21 11:33:43.694root 11241100x8000000000000000540889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9516d82575f92ad22021-12-21 11:33:43.694root 11241100x8000000000000000540890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef13e5b081703972021-12-21 11:33:43.694root 11241100x8000000000000000540891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f48f09a27884c22021-12-21 11:33:43.694root 11241100x8000000000000000540892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4634f271456f453a2021-12-21 11:33:43.694root 11241100x8000000000000000540893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459e007dbe26755f2021-12-21 11:33:43.694root 11241100x8000000000000000540894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7d919db494f4a82021-12-21 11:33:43.694root 11241100x8000000000000000540895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9f7417573e06eb2021-12-21 11:33:43.694root 11241100x8000000000000000540896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f983483d0a119d2021-12-21 11:33:43.694root 11241100x8000000000000000540897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484630bcbe5c9bd82021-12-21 11:33:43.694root 11241100x8000000000000000540898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6678e890298ad362021-12-21 11:33:43.695root 11241100x8000000000000000540899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8fc150eb74a2ba2021-12-21 11:33:43.695root 11241100x8000000000000000540900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbccd2d91e6c77fd2021-12-21 11:33:43.695root 11241100x8000000000000000540901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4849b3fa346515262021-12-21 11:33:43.695root 11241100x8000000000000000540902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af42252285a22ac2021-12-21 11:33:43.695root 354300x8000000000000000540903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.127{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48724-false10.0.1.12-8000- 11241100x8000000000000000540904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034fe41f8c2116d42021-12-21 11:33:44.128root 11241100x8000000000000000540905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfaf3e8ff04b0452021-12-21 11:33:44.128root 11241100x8000000000000000540906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f9a11df24564a02021-12-21 11:33:44.128root 11241100x8000000000000000540907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4309c9feccfe01d62021-12-21 11:33:44.128root 11241100x8000000000000000540908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e64dd228e249b02021-12-21 11:33:44.128root 11241100x8000000000000000540909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bd9fefa8a41ec32021-12-21 11:33:44.128root 11241100x8000000000000000540910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328b817282d894652021-12-21 11:33:44.128root 11241100x8000000000000000540911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6857fd4f8fa2b542021-12-21 11:33:44.129root 11241100x8000000000000000540912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc5e4d769d5df252021-12-21 11:33:44.129root 11241100x8000000000000000540913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15534c05ede2f0162021-12-21 11:33:44.129root 11241100x8000000000000000540914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b54af8acc950d5c2021-12-21 11:33:44.129root 11241100x8000000000000000540915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf0749d2c45254e2021-12-21 11:33:44.129root 11241100x8000000000000000540916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3324dfc87e3d47692021-12-21 11:33:44.130root 11241100x8000000000000000540917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0fecb2592b1df912021-12-21 11:33:44.130root 11241100x8000000000000000540918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33b4a8fd4b0ab352021-12-21 11:33:44.130root 11241100x8000000000000000540919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58a4124dbd25e282021-12-21 11:33:44.130root 11241100x8000000000000000540920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b49ba4d01d538ad2021-12-21 11:33:44.130root 11241100x8000000000000000540921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2633f4a8d6a5c8f52021-12-21 11:33:44.130root 11241100x8000000000000000540922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cfe7a50825f2d92021-12-21 11:33:44.130root 11241100x8000000000000000540923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c414724cbcbbc72021-12-21 11:33:44.130root 11241100x8000000000000000540924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef97d24a3e4946082021-12-21 11:33:44.130root 11241100x8000000000000000540925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d97234c8c80b982021-12-21 11:33:44.130root 11241100x8000000000000000540926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8f7995e34a00462021-12-21 11:33:44.130root 11241100x8000000000000000540927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60120a065f3cb5a12021-12-21 11:33:44.130root 11241100x8000000000000000540928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca5ac98746038b72021-12-21 11:33:44.131root 11241100x8000000000000000540929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16051192d19d3acd2021-12-21 11:33:44.131root 11241100x8000000000000000540930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f73e9e37ba0fb42021-12-21 11:33:44.131root 11241100x8000000000000000540931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6f0eafcc14292c2021-12-21 11:33:44.131root 11241100x8000000000000000540932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc86b4749f5d6712021-12-21 11:33:44.131root 11241100x8000000000000000540933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65a02f39e98bf5e2021-12-21 11:33:44.131root 11241100x8000000000000000540934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e8ca0e437d27b22021-12-21 11:33:44.131root 11241100x8000000000000000540935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327f58895aede73b2021-12-21 11:33:44.131root 11241100x8000000000000000540936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fb9e999a4252c92021-12-21 11:33:44.131root 11241100x8000000000000000540937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ff8736cc9d39ed2021-12-21 11:33:44.131root 11241100x8000000000000000540938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e40aa27a66fd4ca2021-12-21 11:33:44.131root 11241100x8000000000000000540939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3e3506f97b25252021-12-21 11:33:44.132root 11241100x8000000000000000540940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69e4982794c47c42021-12-21 11:33:44.443root 11241100x8000000000000000540941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e3eb47cab335962021-12-21 11:33:44.443root 11241100x8000000000000000540942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbcc9e2ec192d662021-12-21 11:33:44.444root 11241100x8000000000000000540943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6ea8b3b73e763a2021-12-21 11:33:44.444root 11241100x8000000000000000540944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2075ef86a30dde52021-12-21 11:33:44.444root 11241100x8000000000000000540945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696869099a9f431e2021-12-21 11:33:44.444root 11241100x8000000000000000540946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d229d054299b77472021-12-21 11:33:44.444root 11241100x8000000000000000540947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6148143b74379aa42021-12-21 11:33:44.444root 11241100x8000000000000000540948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839728a82746d0642021-12-21 11:33:44.444root 11241100x8000000000000000540949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0917bd70ae59071c2021-12-21 11:33:44.444root 11241100x8000000000000000540950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe34cab537303662021-12-21 11:33:44.444root 11241100x8000000000000000540951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f62f5e759805cd2021-12-21 11:33:44.444root 11241100x8000000000000000540952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4645fab8b058fe332021-12-21 11:33:44.444root 11241100x8000000000000000540953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b3b27e282aaf3a2021-12-21 11:33:44.444root 11241100x8000000000000000540954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9c2bfa34ab5dfc2021-12-21 11:33:44.444root 11241100x8000000000000000540955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dad229bd2f1ed752021-12-21 11:33:44.444root 11241100x8000000000000000540956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7c40f133010ac32021-12-21 11:33:44.444root 11241100x8000000000000000540957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226e8f96289b0df32021-12-21 11:33:44.444root 11241100x8000000000000000540958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953980f84b587d382021-12-21 11:33:44.445root 11241100x8000000000000000540959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381c7fbb413736662021-12-21 11:33:44.445root 11241100x8000000000000000540960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4bf28a64ae75c22021-12-21 11:33:44.445root 11241100x8000000000000000540961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d00cb2640ab7f9a2021-12-21 11:33:44.445root 11241100x8000000000000000540962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b06f441d38f1542021-12-21 11:33:44.943root 11241100x8000000000000000540963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e385730b68e842a62021-12-21 11:33:44.943root 11241100x8000000000000000540964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9a63a79668af6c2021-12-21 11:33:44.943root 11241100x8000000000000000540965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71e387b8a9a06c02021-12-21 11:33:44.943root 11241100x8000000000000000540966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b098b02d4e9aae32021-12-21 11:33:44.944root 11241100x8000000000000000540967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d35198a4fa6d0932021-12-21 11:33:44.944root 11241100x8000000000000000540968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1dccff6079f0bb52021-12-21 11:33:44.944root 11241100x8000000000000000540969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc14e1f52f1f08c2021-12-21 11:33:44.944root 11241100x8000000000000000540970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4218fc10b11358042021-12-21 11:33:44.944root 11241100x8000000000000000540971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8047d4e3d59c2f702021-12-21 11:33:44.944root 11241100x8000000000000000540972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42cabe792d744442021-12-21 11:33:44.944root 11241100x8000000000000000540973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593fd11aef0485702021-12-21 11:33:44.944root 11241100x8000000000000000540974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e211651da286c21e2021-12-21 11:33:44.944root 11241100x8000000000000000540975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732b77605f934c6e2021-12-21 11:33:44.944root 11241100x8000000000000000540976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273a0d8632fe62a52021-12-21 11:33:44.944root 11241100x8000000000000000540977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0648a2bca80caf2021-12-21 11:33:44.944root 11241100x8000000000000000540978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f004a42d98a020812021-12-21 11:33:44.944root 11241100x8000000000000000540979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fba24aa558e83b2021-12-21 11:33:44.944root 11241100x8000000000000000540980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ebb27f282cfd8c2021-12-21 11:33:44.944root 11241100x8000000000000000540981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ebf996cc2a68702021-12-21 11:33:44.945root 11241100x8000000000000000540982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0318dc334e8039be2021-12-21 11:33:44.945root 11241100x8000000000000000540983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7870f9c715d5762b2021-12-21 11:33:44.945root 11241100x8000000000000000540984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe797f438d7f7b572021-12-21 11:33:45.443root 11241100x8000000000000000540985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f984c3159626a8482021-12-21 11:33:45.443root 11241100x8000000000000000540986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a81e3c1fbd2ad52021-12-21 11:33:45.443root 11241100x8000000000000000540987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc780b203b6222892021-12-21 11:33:45.443root 11241100x8000000000000000540988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2c160a4db697982021-12-21 11:33:45.444root 11241100x8000000000000000540989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1c9a39a96d62612021-12-21 11:33:45.444root 11241100x8000000000000000540990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1c3b612768ec362021-12-21 11:33:45.444root 11241100x8000000000000000540991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ce3c01f25c3f2e2021-12-21 11:33:45.444root 11241100x8000000000000000540992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd035cc133985222021-12-21 11:33:45.444root 11241100x8000000000000000540993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f10d9a3b5070f992021-12-21 11:33:45.444root 11241100x8000000000000000540994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c4c615038ce4092021-12-21 11:33:45.444root 11241100x8000000000000000540995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2a4c29a3d2e7f62021-12-21 11:33:45.444root 11241100x8000000000000000540996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a7c93fc6fa81be2021-12-21 11:33:45.444root 11241100x8000000000000000540997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a676bf16eaeebf3c2021-12-21 11:33:45.444root 11241100x8000000000000000540998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7f76dccd266b6c2021-12-21 11:33:45.444root 11241100x8000000000000000540999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167a37a86bcf600a2021-12-21 11:33:45.444root 11241100x8000000000000000541000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cad02b253a83542021-12-21 11:33:45.445root 11241100x8000000000000000541001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8058cf239360a3172021-12-21 11:33:45.445root 11241100x8000000000000000541002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4379178c00e92d2021-12-21 11:33:45.445root 11241100x8000000000000000541003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce732694fdc6be82021-12-21 11:33:45.445root 11241100x8000000000000000541004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9201aab405475b822021-12-21 11:33:45.445root 11241100x8000000000000000541005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d0c6ed861d4ffe2021-12-21 11:33:45.445root 11241100x8000000000000000541006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54c92431a0b8c702021-12-21 11:33:45.943root 11241100x8000000000000000541007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66b6c58fa440bf22021-12-21 11:33:45.943root 11241100x8000000000000000541008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7f2d89f555aee12021-12-21 11:33:45.943root 11241100x8000000000000000541009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d2958938aab21e2021-12-21 11:33:45.943root 11241100x8000000000000000541010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a302ff0b1f7e482021-12-21 11:33:45.944root 11241100x8000000000000000541011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a257dd6ed717762021-12-21 11:33:45.944root 11241100x8000000000000000541012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9016d9452a1a27582021-12-21 11:33:45.944root 11241100x8000000000000000541013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2186edeee5272c762021-12-21 11:33:45.944root 11241100x8000000000000000541014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedf4b9f8a071a622021-12-21 11:33:45.944root 11241100x8000000000000000541015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0a5a273c5304032021-12-21 11:33:45.944root 11241100x8000000000000000541016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3036bd968f3f6b82021-12-21 11:33:45.944root 11241100x8000000000000000541017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef43a1c640b837eb2021-12-21 11:33:45.944root 11241100x8000000000000000541018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db06fc0e08e39f652021-12-21 11:33:45.945root 11241100x8000000000000000541019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56748a2fa4918b42021-12-21 11:33:45.945root 11241100x8000000000000000541020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d911b309497371a2021-12-21 11:33:45.945root 11241100x8000000000000000541021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f481709ecd19292021-12-21 11:33:45.945root 11241100x8000000000000000541022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9084a8dfe2673ce2021-12-21 11:33:45.945root 11241100x8000000000000000541023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2fa98f5a3397822021-12-21 11:33:45.945root 11241100x8000000000000000541024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36df172bc9498fa12021-12-21 11:33:45.945root 11241100x8000000000000000541025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4421a7a45006ced12021-12-21 11:33:45.945root 11241100x8000000000000000541026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a63986d435a664f2021-12-21 11:33:45.945root 11241100x8000000000000000541027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70ec4083b1db7372021-12-21 11:33:45.945root 11241100x8000000000000000541028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf912d3c7201b622021-12-21 11:33:46.443root 11241100x8000000000000000541029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a67ce521c97bf3c2021-12-21 11:33:46.443root 11241100x8000000000000000541030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b477768de936c82021-12-21 11:33:46.443root 11241100x8000000000000000541031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2339f5e732d4562021-12-21 11:33:46.443root 11241100x8000000000000000541032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec59ebf7624e31d2021-12-21 11:33:46.444root 11241100x8000000000000000541033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152c1b6826f60abf2021-12-21 11:33:46.444root 11241100x8000000000000000541034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c734ac054ba2c042021-12-21 11:33:46.444root 11241100x8000000000000000541035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c86267a34390072021-12-21 11:33:46.444root 11241100x8000000000000000541036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635380a355ba95662021-12-21 11:33:46.444root 11241100x8000000000000000541037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3086fe3c37a6efa2021-12-21 11:33:46.444root 11241100x8000000000000000541038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9480a7d9ac519c2021-12-21 11:33:46.444root 11241100x8000000000000000541039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b26d625227d9b72021-12-21 11:33:46.444root 11241100x8000000000000000541040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe749a4effc88b972021-12-21 11:33:46.444root 11241100x8000000000000000541041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7423be6e086b3422021-12-21 11:33:46.444root 11241100x8000000000000000541042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6cc6a6aab326672021-12-21 11:33:46.444root 11241100x8000000000000000541043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415da056270347f22021-12-21 11:33:46.444root 11241100x8000000000000000541044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e9c5ec5db499592021-12-21 11:33:46.444root 11241100x8000000000000000541045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee2bd3b317a27282021-12-21 11:33:46.444root 11241100x8000000000000000541046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94366a5b6d09bf32021-12-21 11:33:46.444root 11241100x8000000000000000541047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf09519052f258892021-12-21 11:33:46.444root 11241100x8000000000000000541048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fedbb1f459a9ac2021-12-21 11:33:46.445root 11241100x8000000000000000541049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18205cf9caa7dc02021-12-21 11:33:46.445root 11241100x8000000000000000541050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e043f7c05a9d4f2021-12-21 11:33:46.943root 11241100x8000000000000000541051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e347f0a09aefdab2021-12-21 11:33:46.943root 11241100x8000000000000000541052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25930a13967670712021-12-21 11:33:46.943root 11241100x8000000000000000541053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133bf0d9efc0870b2021-12-21 11:33:46.944root 11241100x8000000000000000541054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e54fe1165e19e142021-12-21 11:33:46.944root 11241100x8000000000000000541055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db79615f805a5fe2021-12-21 11:33:46.944root 11241100x8000000000000000541056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616038930530e8b22021-12-21 11:33:46.944root 11241100x8000000000000000541057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742944080ed389632021-12-21 11:33:46.944root 11241100x8000000000000000541058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f44045f6353a6292021-12-21 11:33:46.944root 11241100x8000000000000000541059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef4278ec99e45bd2021-12-21 11:33:46.944root 11241100x8000000000000000541060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b319fbe46fd5a732021-12-21 11:33:46.944root 11241100x8000000000000000541061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8b822394df71ca2021-12-21 11:33:46.944root 11241100x8000000000000000541062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b857dae30bb41f2021-12-21 11:33:46.944root 11241100x8000000000000000541063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc833908ce3007e22021-12-21 11:33:46.944root 11241100x8000000000000000541064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619e498d54a6c7b22021-12-21 11:33:46.944root 11241100x8000000000000000541065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee75466e768a75d2021-12-21 11:33:46.944root 11241100x8000000000000000541066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4406f351c8ffb7e2021-12-21 11:33:46.944root 11241100x8000000000000000541067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79293eb882c1ee462021-12-21 11:33:46.944root 11241100x8000000000000000541068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0f538e1e60cfcf2021-12-21 11:33:46.944root 11241100x8000000000000000541069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5c13091cfb93502021-12-21 11:33:46.945root 11241100x8000000000000000541070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3a637a3a07977d2021-12-21 11:33:46.945root 11241100x8000000000000000541071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9503553bdb222b492021-12-21 11:33:46.945root 11241100x8000000000000000541072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:33:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3184eccce0531a552021-12-21 11:33:47.443root 11241100x8000000000000000541073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643<