11241100x8000000000000000535773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20d310153300d042021-12-21 11:30:42.193root 11241100x8000000000000000535774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3ef391f4a672362021-12-21 11:30:42.193root 11241100x8000000000000000535775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fdb6dce5cc41c12021-12-21 11:30:42.193root 11241100x8000000000000000535776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c45c1546a9340d2021-12-21 11:30:42.193root 11241100x8000000000000000535777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2485e8a14595aaf2021-12-21 11:30:42.193root 11241100x8000000000000000535778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abac2523d6d84bb2021-12-21 11:30:42.193root 11241100x8000000000000000535779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a75b43448ba05402021-12-21 11:30:42.193root 11241100x8000000000000000535780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069369dccb4114152021-12-21 11:30:42.194root 11241100x8000000000000000535781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e7aa08e02162de2021-12-21 11:30:42.194root 11241100x8000000000000000535782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d481b413486408562021-12-21 11:30:42.194root 11241100x8000000000000000535783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b793eeff16c3232021-12-21 11:30:42.194root 11241100x8000000000000000535784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bc3d44e62219a62021-12-21 11:30:42.194root 11241100x8000000000000000535785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029f94edbf7c9a2b2021-12-21 11:30:42.194root 11241100x8000000000000000535786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475064335e9fa70a2021-12-21 11:30:42.194root 11241100x8000000000000000535787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e568b01916cffa412021-12-21 11:30:42.194root 11241100x8000000000000000535788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6506a510a91e26142021-12-21 11:30:42.692root 11241100x8000000000000000535789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e5d42fa6af206d2021-12-21 11:30:42.693root 11241100x8000000000000000535790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a66be46db73859f2021-12-21 11:30:42.693root 11241100x8000000000000000535791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6cb9e42bdcd5492021-12-21 11:30:42.693root 11241100x8000000000000000535792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb10744afeddb6462021-12-21 11:30:42.693root 11241100x8000000000000000535793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da4b7d76b6db5cc2021-12-21 11:30:42.693root 11241100x8000000000000000535794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38049f97a8988bfd2021-12-21 11:30:42.693root 11241100x8000000000000000535795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c804c6c273e9de0c2021-12-21 11:30:42.693root 11241100x8000000000000000535796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704aaca675facf3a2021-12-21 11:30:42.693root 11241100x8000000000000000535797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c6e730b5e637f62021-12-21 11:30:42.693root 11241100x8000000000000000535798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0ce52ee6bfed442021-12-21 11:30:42.693root 11241100x8000000000000000535799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43cba078b2eeba12021-12-21 11:30:42.693root 11241100x8000000000000000535800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03830159951d79bd2021-12-21 11:30:42.693root 11241100x8000000000000000535801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b40458d7b397ce2021-12-21 11:30:42.694root 11241100x8000000000000000535802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c112d5bcb877c2e2021-12-21 11:30:42.694root 354300x8000000000000000535803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.100{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48644-false10.0.1.12-8000- 11241100x8000000000000000535804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd993cd85a5d48a2021-12-21 11:30:43.100root 11241100x8000000000000000535805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f508c8185a906d372021-12-21 11:30:43.100root 11241100x8000000000000000535806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c929565aba4594872021-12-21 11:30:43.100root 11241100x8000000000000000535807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4add36f1d0adf0a82021-12-21 11:30:43.101root 11241100x8000000000000000535808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a15937f8a0ffca2021-12-21 11:30:43.101root 11241100x8000000000000000535809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06274b089d0b4e892021-12-21 11:30:43.101root 11241100x8000000000000000535810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84037dde90b89052021-12-21 11:30:43.101root 11241100x8000000000000000535811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77b10ff9101997f2021-12-21 11:30:43.101root 11241100x8000000000000000535812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956edbc050514d352021-12-21 11:30:43.101root 11241100x8000000000000000535813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abe18c6cd66f4ff2021-12-21 11:30:43.101root 11241100x8000000000000000535814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd5e195f2eef4802021-12-21 11:30:43.101root 11241100x8000000000000000535815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecc467ba6fc8e682021-12-21 11:30:43.101root 11241100x8000000000000000535816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c74ab01ba7154472021-12-21 11:30:43.101root 11241100x8000000000000000535817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cddc0c34b984dbc2021-12-21 11:30:43.101root 11241100x8000000000000000535818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8ad8fdb6dc40282021-12-21 11:30:43.101root 11241100x8000000000000000535819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95572194ccfeb1f2021-12-21 11:30:43.102root 11241100x8000000000000000535820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb0d0ed8b19a42f2021-12-21 11:30:43.443root 11241100x8000000000000000535821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9938feec42d70c9c2021-12-21 11:30:43.443root 11241100x8000000000000000535822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612118a60263c6992021-12-21 11:30:43.443root 11241100x8000000000000000535823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa7c090cd2217392021-12-21 11:30:43.443root 11241100x8000000000000000535824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb231bd61b6c7602021-12-21 11:30:43.443root 11241100x8000000000000000535825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a19d5881a804502021-12-21 11:30:43.443root 11241100x8000000000000000535826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74d0a0748a30a812021-12-21 11:30:43.443root 11241100x8000000000000000535827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536bccc7c8738bff2021-12-21 11:30:43.444root 11241100x8000000000000000535828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6617a39175cc3d942021-12-21 11:30:43.444root 11241100x8000000000000000535829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc030858335a6ece2021-12-21 11:30:43.444root 11241100x8000000000000000535830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c5af6a3da8df0e2021-12-21 11:30:43.444root 11241100x8000000000000000535831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1478c4c5691bb402021-12-21 11:30:43.444root 11241100x8000000000000000535832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7121e49320e75b002021-12-21 11:30:43.444root 11241100x8000000000000000535833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbcb854188b18e02021-12-21 11:30:43.444root 11241100x8000000000000000535834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a54b43cedff009b2021-12-21 11:30:43.444root 11241100x8000000000000000535835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d03ff522d3fe182021-12-21 11:30:43.444root 11241100x8000000000000000535836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff939420735aa9a2021-12-21 11:30:43.943root 11241100x8000000000000000535837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8459f60ec79779b82021-12-21 11:30:43.943root 11241100x8000000000000000535838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9addc8e588ee3982021-12-21 11:30:43.943root 11241100x8000000000000000535839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8e8199e300b6462021-12-21 11:30:43.943root 11241100x8000000000000000535840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bf64e49f8639c42021-12-21 11:30:43.943root 11241100x8000000000000000535841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed80ba8248e570b2021-12-21 11:30:43.943root 11241100x8000000000000000535842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2151100df4a5bcc42021-12-21 11:30:43.943root 11241100x8000000000000000535843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbbf0e57b1aea2c2021-12-21 11:30:43.943root 11241100x8000000000000000535844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22205c9ea5ed97e02021-12-21 11:30:43.943root 11241100x8000000000000000535845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd7a80c18df47162021-12-21 11:30:43.943root 11241100x8000000000000000535846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e52713d9d4d4262021-12-21 11:30:43.943root 11241100x8000000000000000535847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd8752d72353b3d2021-12-21 11:30:43.943root 11241100x8000000000000000535848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bbf2955ae3ee762021-12-21 11:30:43.943root 11241100x8000000000000000535849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b807d8d97e90d82021-12-21 11:30:43.944root 11241100x8000000000000000535850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42c313c286317b42021-12-21 11:30:43.944root 11241100x8000000000000000535851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce510e89c6754722021-12-21 11:30:43.944root 11241100x8000000000000000535852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19238af40220a8ad2021-12-21 11:30:44.443root 11241100x8000000000000000535853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f6388095dd89452021-12-21 11:30:44.443root 11241100x8000000000000000535854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ece56e8b1060752021-12-21 11:30:44.444root 11241100x8000000000000000535855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d467927ed99e4e92021-12-21 11:30:44.444root 11241100x8000000000000000535856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97102fa589a7dbb2021-12-21 11:30:44.444root 11241100x8000000000000000535857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59da4b110ba8e1782021-12-21 11:30:44.444root 11241100x8000000000000000535858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec0a034a86303fd2021-12-21 11:30:44.444root 11241100x8000000000000000535859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad3bc3fde9ccbd02021-12-21 11:30:44.444root 11241100x8000000000000000535860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8f6214ba62fb6c2021-12-21 11:30:44.444root 11241100x8000000000000000535861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b899ffc67e4ff1562021-12-21 11:30:44.444root 11241100x8000000000000000535862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e1093665e5310f2021-12-21 11:30:44.445root 11241100x8000000000000000535863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffb982d40f2e57d2021-12-21 11:30:44.445root 11241100x8000000000000000535864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7176b7c1e441537e2021-12-21 11:30:44.445root 11241100x8000000000000000535865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123bd68ec61f3d6c2021-12-21 11:30:44.445root 11241100x8000000000000000535866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41574815fe145a942021-12-21 11:30:44.445root 11241100x8000000000000000535867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3709185c3c8377622021-12-21 11:30:44.445root 11241100x8000000000000000535868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f970775ce4de2902021-12-21 11:30:44.942root 11241100x8000000000000000535869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd2be26ebaf69792021-12-21 11:30:44.943root 11241100x8000000000000000535870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d6186645fa94102021-12-21 11:30:44.943root 11241100x8000000000000000535871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dde062219941a92021-12-21 11:30:44.943root 11241100x8000000000000000535872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e19ea25ad135aad2021-12-21 11:30:44.943root 11241100x8000000000000000535873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab8ce0e9941e7f42021-12-21 11:30:44.943root 11241100x8000000000000000535874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361cc718b1fb2c892021-12-21 11:30:44.943root 11241100x8000000000000000535875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786915f332030d4c2021-12-21 11:30:44.943root 11241100x8000000000000000535876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a030aea0fb88512021-12-21 11:30:44.943root 11241100x8000000000000000535877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be82f7173e008302021-12-21 11:30:44.943root 11241100x8000000000000000535878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c8bb9f9618811d2021-12-21 11:30:44.943root 11241100x8000000000000000535879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10fc8088c3933cb2021-12-21 11:30:44.944root 11241100x8000000000000000535880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de84f8e2f04058fa2021-12-21 11:30:44.944root 11241100x8000000000000000535881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba27a80fad7934c2021-12-21 11:30:44.944root 11241100x8000000000000000535882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c616f5e85824172b2021-12-21 11:30:44.944root 11241100x8000000000000000535883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ebbf8ade4477f72021-12-21 11:30:44.944root 11241100x8000000000000000535884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a629fe7093b0eec92021-12-21 11:30:45.443root 11241100x8000000000000000535885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a979c423b440792021-12-21 11:30:45.443root 11241100x8000000000000000535886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5072a05ec608d36c2021-12-21 11:30:45.443root 11241100x8000000000000000535887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae166297d9ef6612021-12-21 11:30:45.443root 11241100x8000000000000000535888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eab753555d3ab4c2021-12-21 11:30:45.443root 11241100x8000000000000000535889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ea17c0998715f12021-12-21 11:30:45.443root 11241100x8000000000000000535890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79e628e5599c04f2021-12-21 11:30:45.443root 11241100x8000000000000000535891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39a6c696d8b585b2021-12-21 11:30:45.444root 11241100x8000000000000000535892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af58a386a2f70ce2021-12-21 11:30:45.444root 11241100x8000000000000000535893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4540ea465eba72cb2021-12-21 11:30:45.444root 11241100x8000000000000000535894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589f23ba143159602021-12-21 11:30:45.444root 11241100x8000000000000000535895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a081abfcf4bca72a2021-12-21 11:30:45.444root 11241100x8000000000000000535896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a287aed2c804942021-12-21 11:30:45.444root 11241100x8000000000000000535897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1531614a7454b0b12021-12-21 11:30:45.444root 11241100x8000000000000000535898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269661e6b8518bb22021-12-21 11:30:45.444root 11241100x8000000000000000535899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7a1635711007342021-12-21 11:30:45.444root 11241100x8000000000000000535900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f041873f5d850942021-12-21 11:30:45.943root 11241100x8000000000000000535901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaec047ac4eec9a82021-12-21 11:30:45.943root 11241100x8000000000000000535902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63512f75574658a2021-12-21 11:30:45.943root 11241100x8000000000000000535903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020f4b0e76c323fd2021-12-21 11:30:45.943root 11241100x8000000000000000535904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69905534631c4c052021-12-21 11:30:45.943root 11241100x8000000000000000535905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2af966883415742021-12-21 11:30:45.943root 11241100x8000000000000000535906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0040e3902bfa7002021-12-21 11:30:45.944root 11241100x8000000000000000535907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71808b3540bad7a32021-12-21 11:30:45.944root 11241100x8000000000000000535908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18ca03396cf6aa52021-12-21 11:30:45.944root 11241100x8000000000000000535909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14353cb0f5f83c202021-12-21 11:30:45.944root 11241100x8000000000000000535910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d290a5f99d96c52021-12-21 11:30:45.944root 11241100x8000000000000000535911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d816ffb40b29690e2021-12-21 11:30:45.944root 11241100x8000000000000000535912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbd177ab46bcf9e2021-12-21 11:30:45.944root 11241100x8000000000000000535913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de7a185f9f71d212021-12-21 11:30:45.944root 11241100x8000000000000000535914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bfebcc51eba8ca2021-12-21 11:30:45.944root 11241100x8000000000000000535915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b4b5dba041cdef2021-12-21 11:30:45.944root 11241100x8000000000000000535916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c9cdae84c42be32021-12-21 11:30:46.443root 11241100x8000000000000000535917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c54da7df4c7cb082021-12-21 11:30:46.443root 11241100x8000000000000000535918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910be03e6351ecf32021-12-21 11:30:46.443root 11241100x8000000000000000535919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72e30d31e38ce762021-12-21 11:30:46.443root 11241100x8000000000000000535920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838069dbdaeecd7c2021-12-21 11:30:46.443root 11241100x8000000000000000535921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f9ebd5cc4802ba2021-12-21 11:30:46.443root 11241100x8000000000000000535922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de691b8a6579df5c2021-12-21 11:30:46.444root 11241100x8000000000000000535923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b928412ed3d8cdb82021-12-21 11:30:46.444root 11241100x8000000000000000535924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41a26f09b3db4472021-12-21 11:30:46.444root 11241100x8000000000000000535925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd0560dd50519c52021-12-21 11:30:46.444root 11241100x8000000000000000535926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cfefd505a46d192021-12-21 11:30:46.444root 11241100x8000000000000000535927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f34374f7f5d47952021-12-21 11:30:46.444root 11241100x8000000000000000535928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd71090f3775589a2021-12-21 11:30:46.444root 11241100x8000000000000000535929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24519dfdf52e7922021-12-21 11:30:46.444root 11241100x8000000000000000535930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ea15ad95ebebff2021-12-21 11:30:46.444root 11241100x8000000000000000535931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d89f66d86db1fd32021-12-21 11:30:46.444root 11241100x8000000000000000535932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dd6dc63694b0bb2021-12-21 11:30:46.943root 11241100x8000000000000000535933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5ea9c4a36ddf842021-12-21 11:30:46.943root 11241100x8000000000000000535934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366f17b544572a222021-12-21 11:30:46.943root 11241100x8000000000000000535935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c316a6ab067257c2021-12-21 11:30:46.943root 11241100x8000000000000000535936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cf7f28f917e8132021-12-21 11:30:46.943root 11241100x8000000000000000535937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6175a7bc06730e9b2021-12-21 11:30:46.943root 11241100x8000000000000000535938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdc3765535ef0b52021-12-21 11:30:46.944root 11241100x8000000000000000535939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e263635e0ff01792021-12-21 11:30:46.944root 11241100x8000000000000000535940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80b735d588071002021-12-21 11:30:46.944root 11241100x8000000000000000535941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae13378c91ff49662021-12-21 11:30:46.944root 11241100x8000000000000000535942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd6fa55d74bd3862021-12-21 11:30:46.944root 11241100x8000000000000000535943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8279a0fdfd56d32021-12-21 11:30:46.944root 11241100x8000000000000000535944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf97c95a1f1d8992021-12-21 11:30:46.944root 11241100x8000000000000000535945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ca512923d9d9ef2021-12-21 11:30:46.944root 11241100x8000000000000000535946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfb11729f83705a2021-12-21 11:30:46.944root 11241100x8000000000000000535947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a108f99a1483d7492021-12-21 11:30:46.944root 11241100x8000000000000000535948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428b1b152a1e43fb2021-12-21 11:30:47.443root 11241100x8000000000000000535949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99e4b6ceb7f573f2021-12-21 11:30:47.443root 11241100x8000000000000000535950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61567370540fa0122021-12-21 11:30:47.443root 11241100x8000000000000000535951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619038db35f9eefc2021-12-21 11:30:47.443root 11241100x8000000000000000535952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380e87906bc76f3b2021-12-21 11:30:47.443root 11241100x8000000000000000535953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28490d0a5b37b3472021-12-21 11:30:47.443root 11241100x8000000000000000535954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77ce0625e58f2b32021-12-21 11:30:47.444root 11241100x8000000000000000535955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be8fcc77f2060072021-12-21 11:30:47.444root 11241100x8000000000000000535956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572242e84d4edac92021-12-21 11:30:47.444root 11241100x8000000000000000535957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d547e26cc1a6b27b2021-12-21 11:30:47.444root 11241100x8000000000000000535958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8619911341eb10662021-12-21 11:30:47.444root 11241100x8000000000000000535959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17ffe0fb87e8a3d2021-12-21 11:30:47.444root 11241100x8000000000000000535960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c80c0f18cbbac752021-12-21 11:30:47.444root 11241100x8000000000000000535961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27240c2bb6968b992021-12-21 11:30:47.444root 11241100x8000000000000000535962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1ebac1d399e96c2021-12-21 11:30:47.444root 11241100x8000000000000000535963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3451a2c738b3f66c2021-12-21 11:30:47.444root 11241100x8000000000000000535964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1eada5b6a96693c2021-12-21 11:30:47.944root 11241100x8000000000000000535965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0082d05d0a1fdc262021-12-21 11:30:47.944root 11241100x8000000000000000535966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d353fa8033078522021-12-21 11:30:47.944root 11241100x8000000000000000535967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa7af6359e40f652021-12-21 11:30:47.944root 11241100x8000000000000000535968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf422e890e756f62021-12-21 11:30:47.944root 11241100x8000000000000000535969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a36e247fa4cae0a2021-12-21 11:30:47.944root 11241100x8000000000000000535970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe84fcfd44a00852021-12-21 11:30:47.944root 11241100x8000000000000000535971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49426202e7da719f2021-12-21 11:30:47.944root 11241100x8000000000000000535972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35fa8d4034e99db2021-12-21 11:30:47.944root 11241100x8000000000000000535973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724592c659e4e8162021-12-21 11:30:47.945root 11241100x8000000000000000535974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2460dff2234fd01c2021-12-21 11:30:47.945root 11241100x8000000000000000535975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c633db05125dcdbf2021-12-21 11:30:47.945root 11241100x8000000000000000535976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7506110c8be4b3b2021-12-21 11:30:47.945root 11241100x8000000000000000535977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97ee550fb66a39f2021-12-21 11:30:47.945root 11241100x8000000000000000535978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e65b6e656dcccd52021-12-21 11:30:47.945root 11241100x8000000000000000535979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bb0874c66686ab2021-12-21 11:30:47.945root 11241100x8000000000000000535980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869d676e42e15f592021-12-21 11:30:48.443root 11241100x8000000000000000535981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1db8e398085edb2021-12-21 11:30:48.443root 11241100x8000000000000000535982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7edd6e0e88693462021-12-21 11:30:48.443root 11241100x8000000000000000535983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fde869a77c7d5b2021-12-21 11:30:48.443root 11241100x8000000000000000535984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8fe96d0bc3b3b42021-12-21 11:30:48.443root 11241100x8000000000000000535985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea8ed4465e8b06e2021-12-21 11:30:48.444root 11241100x8000000000000000535986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46926696ed2e4b692021-12-21 11:30:48.444root 11241100x8000000000000000535987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b64bb0c10432f92021-12-21 11:30:48.444root 11241100x8000000000000000535988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317d425ab7ba7f622021-12-21 11:30:48.444root 11241100x8000000000000000535989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb29df325aac1e52021-12-21 11:30:48.444root 11241100x8000000000000000535990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a396d09a2750eef12021-12-21 11:30:48.444root 11241100x8000000000000000535991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a4b39b458f7df62021-12-21 11:30:48.444root 11241100x8000000000000000535992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad86b536a5386392021-12-21 11:30:48.444root 11241100x8000000000000000535993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb66bc757147ff6a2021-12-21 11:30:48.444root 11241100x8000000000000000535994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d19229fb4d7adb42021-12-21 11:30:48.444root 11241100x8000000000000000535995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5975e0e913a933a72021-12-21 11:30:48.444root 11241100x8000000000000000535996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9621fd6d0ed160b92021-12-21 11:30:48.943root 11241100x8000000000000000535997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f526150fdb6d7d2021-12-21 11:30:48.943root 11241100x8000000000000000535998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509c745219971cf12021-12-21 11:30:48.943root 11241100x8000000000000000535999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8dca9762c8878612021-12-21 11:30:48.943root 11241100x8000000000000000536000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35063ffeba12d832021-12-21 11:30:48.943root 11241100x8000000000000000536001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9aea8f9bd087ca12021-12-21 11:30:48.943root 11241100x8000000000000000536002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08645d500b4b85ec2021-12-21 11:30:48.944root 11241100x8000000000000000536003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e72d1f4cc9b3012021-12-21 11:30:48.944root 11241100x8000000000000000536004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ca1b49b9b6f1b92021-12-21 11:30:48.944root 11241100x8000000000000000536005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be73a56f0a067642021-12-21 11:30:48.944root 11241100x8000000000000000536006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0c2d5a11bf5c152021-12-21 11:30:48.944root 11241100x8000000000000000536007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c342f952c9bee52021-12-21 11:30:48.944root 11241100x8000000000000000536008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eca7a0f81fc8ac32021-12-21 11:30:48.944root 11241100x8000000000000000536009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d684727cd640752c2021-12-21 11:30:48.944root 11241100x8000000000000000536010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3006dd528187adeb2021-12-21 11:30:48.944root 11241100x8000000000000000536011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099d6767ec28517a2021-12-21 11:30:48.944root 354300x8000000000000000536012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.014{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48646-false10.0.1.12-8000- 11241100x8000000000000000536013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64d38a2d09c7cf02021-12-21 11:30:49.443root 11241100x8000000000000000536014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbcbc7de6b42b6e2021-12-21 11:30:49.443root 11241100x8000000000000000536015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b461e3481cbae22021-12-21 11:30:49.443root 11241100x8000000000000000536016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a780f6960748e50e2021-12-21 11:30:49.443root 11241100x8000000000000000536017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4023444288a151632021-12-21 11:30:49.443root 11241100x8000000000000000536018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04da81619ebe04e32021-12-21 11:30:49.444root 11241100x8000000000000000536019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bc7de2d88970732021-12-21 11:30:49.444root 11241100x8000000000000000536020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4f0dd99200201e2021-12-21 11:30:49.444root 11241100x8000000000000000536021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3299b156c85250a2021-12-21 11:30:49.444root 11241100x8000000000000000536022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272e2963547b05ee2021-12-21 11:30:49.444root 11241100x8000000000000000536023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d941880acf3e142021-12-21 11:30:49.444root 11241100x8000000000000000536024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2910a0f983a3565a2021-12-21 11:30:49.444root 11241100x8000000000000000536025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ff1bf88b08aa612021-12-21 11:30:49.444root 11241100x8000000000000000536026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81d898ae2afde392021-12-21 11:30:49.444root 11241100x8000000000000000536027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2fff18729c9beb2021-12-21 11:30:49.444root 11241100x8000000000000000536028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff7d5516b6c69632021-12-21 11:30:49.444root 11241100x8000000000000000536029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef14fc76762df462021-12-21 11:30:49.444root 11241100x8000000000000000536030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8e6845695475c72021-12-21 11:30:49.943root 11241100x8000000000000000536031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395380622cd7a4a32021-12-21 11:30:49.943root 11241100x8000000000000000536032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502239a45f62b2d82021-12-21 11:30:49.943root 11241100x8000000000000000536033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cdcbe0f61bd78b52021-12-21 11:30:49.943root 11241100x8000000000000000536034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d9b04a98be4f7c2021-12-21 11:30:49.943root 11241100x8000000000000000536035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ea93dae814b2ec2021-12-21 11:30:49.944root 11241100x8000000000000000536036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4765679aac8410502021-12-21 11:30:49.944root 11241100x8000000000000000536037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a36fc663b7da092021-12-21 11:30:49.944root 11241100x8000000000000000536038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f15f7576f0b8dff2021-12-21 11:30:49.944root 11241100x8000000000000000536039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a008a1cbd27b6cf32021-12-21 11:30:49.944root 11241100x8000000000000000536040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3710d6b9742561242021-12-21 11:30:49.944root 11241100x8000000000000000536041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8523bb3fa27c8d5d2021-12-21 11:30:49.944root 11241100x8000000000000000536042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef070c072c1d14172021-12-21 11:30:49.944root 11241100x8000000000000000536043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d12d227da4e97402021-12-21 11:30:49.944root 11241100x8000000000000000536044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d97566fafee0402021-12-21 11:30:49.944root 11241100x8000000000000000536045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bede1550851c5212021-12-21 11:30:49.944root 11241100x8000000000000000536046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cba7396038152b2021-12-21 11:30:49.944root 11241100x8000000000000000536047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6480353b2776ebc2021-12-21 11:30:50.443root 11241100x8000000000000000536048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a4f6a96726fcec2021-12-21 11:30:50.443root 11241100x8000000000000000536049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedd17086ce546612021-12-21 11:30:50.443root 11241100x8000000000000000536050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2cc925397161bf2021-12-21 11:30:50.443root 11241100x8000000000000000536051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe71afa7f475ce642021-12-21 11:30:50.444root 11241100x8000000000000000536052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5544776db698e26b2021-12-21 11:30:50.444root 11241100x8000000000000000536053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c90856125f578e2021-12-21 11:30:50.444root 11241100x8000000000000000536054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f44f28755a21d32021-12-21 11:30:50.444root 11241100x8000000000000000536055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab50905c82867c122021-12-21 11:30:50.444root 11241100x8000000000000000536056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ff764af9e8c99a2021-12-21 11:30:50.444root 11241100x8000000000000000536057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cb6efeb28926372021-12-21 11:30:50.444root 11241100x8000000000000000536058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a8d4d4865ed1e82021-12-21 11:30:50.444root 11241100x8000000000000000536059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbbaf48ab68f32d2021-12-21 11:30:50.444root 11241100x8000000000000000536060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d112347b17235162021-12-21 11:30:50.444root 11241100x8000000000000000536061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd33e882356ed592021-12-21 11:30:50.444root 11241100x8000000000000000536062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5752fc81dd4b62252021-12-21 11:30:50.445root 11241100x8000000000000000536063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b03e4ca01b8eefe2021-12-21 11:30:50.445root 11241100x8000000000000000536064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a21bb86c81f69f2021-12-21 11:30:50.943root 11241100x8000000000000000536065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c555cd7a467adc7e2021-12-21 11:30:50.943root 11241100x8000000000000000536066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c262c863357fd5c62021-12-21 11:30:50.943root 11241100x8000000000000000536067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a009de2639b355172021-12-21 11:30:50.943root 11241100x8000000000000000536068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ec3ca7c9b04dc02021-12-21 11:30:50.944root 11241100x8000000000000000536069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88c97a59fab16a22021-12-21 11:30:50.944root 11241100x8000000000000000536070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38794693b10f71a92021-12-21 11:30:50.944root 11241100x8000000000000000536071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427d1b5becce5b492021-12-21 11:30:50.944root 11241100x8000000000000000536072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd437a744679517e2021-12-21 11:30:50.944root 11241100x8000000000000000536073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cd7903ed7189a72021-12-21 11:30:50.944root 11241100x8000000000000000536074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7414227575b202642021-12-21 11:30:50.944root 11241100x8000000000000000536075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f469645b2624a82021-12-21 11:30:50.944root 11241100x8000000000000000536076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c909d1421e484ec2021-12-21 11:30:50.944root 11241100x8000000000000000536077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f9ce48bd056a432021-12-21 11:30:50.944root 11241100x8000000000000000536078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cdbb42831be49792021-12-21 11:30:50.944root 11241100x8000000000000000536079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6086231d8177eb3d2021-12-21 11:30:50.944root 11241100x8000000000000000536080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14af8eb4b272d7d72021-12-21 11:30:50.944root 11241100x8000000000000000536081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5a9ac7a55ab0c72021-12-21 11:30:51.443root 11241100x8000000000000000536082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3905e7efcc2ef782021-12-21 11:30:51.443root 11241100x8000000000000000536083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c212008c7d84ca542021-12-21 11:30:51.443root 11241100x8000000000000000536084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5915925b0b1be3882021-12-21 11:30:51.443root 11241100x8000000000000000536085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e26c6294cefc912021-12-21 11:30:51.444root 11241100x8000000000000000536086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1befb29ab9b54f2021-12-21 11:30:51.444root 11241100x8000000000000000536087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587a6c99343694182021-12-21 11:30:51.444root 11241100x8000000000000000536088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704f8bf11538ed2d2021-12-21 11:30:51.444root 11241100x8000000000000000536089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd6415446a37b302021-12-21 11:30:51.444root 11241100x8000000000000000536090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312111e93bdefcde2021-12-21 11:30:51.444root 11241100x8000000000000000536091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5089904c1da3bc5d2021-12-21 11:30:51.444root 11241100x8000000000000000536092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f425fc0a556300e92021-12-21 11:30:51.444root 11241100x8000000000000000536093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78543ec57fcad57a2021-12-21 11:30:51.444root 11241100x8000000000000000536094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b5d2c30ec919d82021-12-21 11:30:51.444root 11241100x8000000000000000536095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73169544d8cbd0d2021-12-21 11:30:51.444root 11241100x8000000000000000536096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c163347e51a857992021-12-21 11:30:51.445root 11241100x8000000000000000536097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2aa4cccb7fb037c2021-12-21 11:30:51.445root 11241100x8000000000000000536098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd2907cfd7f37b02021-12-21 11:30:51.943root 11241100x8000000000000000536099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ef964d75bc7fdc2021-12-21 11:30:51.943root 11241100x8000000000000000536100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ecf55b264fa6bc2021-12-21 11:30:51.943root 11241100x8000000000000000536101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a0af390355d60c2021-12-21 11:30:51.943root 11241100x8000000000000000536102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abd66b867fb082d2021-12-21 11:30:51.943root 11241100x8000000000000000536103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65567ddb0fe2443d2021-12-21 11:30:51.944root 11241100x8000000000000000536104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05867b820302086a2021-12-21 11:30:51.944root 11241100x8000000000000000536105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c06dc00ef60d1b2021-12-21 11:30:51.944root 11241100x8000000000000000536106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b469df0ab3f3022021-12-21 11:30:51.944root 11241100x8000000000000000536107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf22aca28ead6622021-12-21 11:30:51.944root 11241100x8000000000000000536108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1782d5fe38ab9fd42021-12-21 11:30:51.944root 11241100x8000000000000000536109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed7a3089add310a2021-12-21 11:30:51.944root 11241100x8000000000000000536110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fff2c4744622b62021-12-21 11:30:51.944root 11241100x8000000000000000536111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6f5cc5adc2dadd2021-12-21 11:30:51.944root 11241100x8000000000000000536112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2d6fd52ae0a7692021-12-21 11:30:51.944root 11241100x8000000000000000536113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e7dbf7f7e847722021-12-21 11:30:51.944root 11241100x8000000000000000536114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e8c4d94124b2412021-12-21 11:30:51.944root 11241100x8000000000000000536115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c267927ae673ac192021-12-21 11:30:52.443root 11241100x8000000000000000536116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01843d113c2c20642021-12-21 11:30:52.443root 11241100x8000000000000000536117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b6425953ded1f02021-12-21 11:30:52.443root 11241100x8000000000000000536118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c235b6b7689f8e2021-12-21 11:30:52.443root 11241100x8000000000000000536119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5114e9239d6da84e2021-12-21 11:30:52.443root 11241100x8000000000000000536120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e32370648bca48b2021-12-21 11:30:52.443root 11241100x8000000000000000536121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad2a7c0aacf89aa2021-12-21 11:30:52.444root 11241100x8000000000000000536122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af07a7784283df302021-12-21 11:30:52.444root 11241100x8000000000000000536123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a124982d121edb02021-12-21 11:30:52.444root 11241100x8000000000000000536124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5ad19e6b2df6902021-12-21 11:30:52.444root 11241100x8000000000000000536125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7edf3e17ad8579f2021-12-21 11:30:52.444root 11241100x8000000000000000536126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf0a3f79e8f91052021-12-21 11:30:52.444root 11241100x8000000000000000536127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581ae821ecdc522d2021-12-21 11:30:52.444root 11241100x8000000000000000536128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1655a4fe8f199112021-12-21 11:30:52.444root 11241100x8000000000000000536129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f19370571807d92021-12-21 11:30:52.444root 11241100x8000000000000000536130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5736bfdba9271d22021-12-21 11:30:52.444root 11241100x8000000000000000536131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d168b3e8da44c56b2021-12-21 11:30:52.444root 11241100x8000000000000000536132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a4e5780159b2e32021-12-21 11:30:52.943root 11241100x8000000000000000536133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9301d51071d31a752021-12-21 11:30:52.943root 11241100x8000000000000000536134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52d445e804926432021-12-21 11:30:52.943root 11241100x8000000000000000536135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a9b5cd53f51fb52021-12-21 11:30:52.943root 11241100x8000000000000000536136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c029b56d87b031682021-12-21 11:30:52.944root 11241100x8000000000000000536137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89bd4da89ab9ffb2021-12-21 11:30:52.944root 11241100x8000000000000000536138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdcbd59fbfa7da82021-12-21 11:30:52.944root 11241100x8000000000000000536139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315728c0773ffbcb2021-12-21 11:30:52.944root 11241100x8000000000000000536140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecf708882660a742021-12-21 11:30:52.944root 11241100x8000000000000000536141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d148451eace50e7c2021-12-21 11:30:52.944root 11241100x8000000000000000536142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0459b19159768d592021-12-21 11:30:52.944root 11241100x8000000000000000536143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd96ad4c6bde8332021-12-21 11:30:52.944root 11241100x8000000000000000536144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b94d39bb828d792021-12-21 11:30:52.944root 11241100x8000000000000000536145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb259f6a0a2ed8b2021-12-21 11:30:52.944root 11241100x8000000000000000536146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6b17007e17e5282021-12-21 11:30:52.944root 11241100x8000000000000000536147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010485996e69fa722021-12-21 11:30:52.944root 11241100x8000000000000000536148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f76730dccb1d1b22021-12-21 11:30:52.944root 11241100x8000000000000000536149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8daa30c40af94f62021-12-21 11:30:53.443root 11241100x8000000000000000536150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e915cc7b13dfa92021-12-21 11:30:53.443root 11241100x8000000000000000536151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbb3834a1b548072021-12-21 11:30:53.443root 11241100x8000000000000000536152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5493c3f51f7b56c2021-12-21 11:30:53.443root 11241100x8000000000000000536153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399bbc23722a7b402021-12-21 11:30:53.443root 11241100x8000000000000000536154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70866804f6602402021-12-21 11:30:53.443root 11241100x8000000000000000536155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6059d4abd0a483c2021-12-21 11:30:53.444root 11241100x8000000000000000536156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e67f08faf14152b2021-12-21 11:30:53.444root 11241100x8000000000000000536157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90100ba286a83efb2021-12-21 11:30:53.444root 11241100x8000000000000000536158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71cc037cf98cde42021-12-21 11:30:53.444root 11241100x8000000000000000536159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b0fea271d13fa42021-12-21 11:30:53.444root 11241100x8000000000000000536160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15172a41500b14922021-12-21 11:30:53.444root 11241100x8000000000000000536161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1244269f74e4b3fe2021-12-21 11:30:53.444root 11241100x8000000000000000536162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d09df4f2fa1c0172021-12-21 11:30:53.444root 11241100x8000000000000000536163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f523f800a875e862021-12-21 11:30:53.444root 11241100x8000000000000000536164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704d827827ce05852021-12-21 11:30:53.444root 11241100x8000000000000000536165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8595f47ac77783922021-12-21 11:30:53.444root 11241100x8000000000000000536166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcdd4510d90be8f2021-12-21 11:30:53.943root 11241100x8000000000000000536167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24e41d71ced5b3d2021-12-21 11:30:53.943root 11241100x8000000000000000536168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb210c9791ee6e402021-12-21 11:30:53.943root 11241100x8000000000000000536169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13e94c5a6cb56412021-12-21 11:30:53.943root 11241100x8000000000000000536170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d467a903cf849302021-12-21 11:30:53.943root 11241100x8000000000000000536171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a750b3de228e7b42021-12-21 11:30:53.943root 11241100x8000000000000000536172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe421c10e6c04a82021-12-21 11:30:53.944root 11241100x8000000000000000536173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4652386663f1239c2021-12-21 11:30:53.944root 11241100x8000000000000000536174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bc2c57b15103852021-12-21 11:30:53.944root 11241100x8000000000000000536175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9962bcd2b37f5802021-12-21 11:30:53.944root 11241100x8000000000000000536176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e96690df9d0ed302021-12-21 11:30:53.944root 11241100x8000000000000000536177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71da2086fea875e2021-12-21 11:30:53.944root 11241100x8000000000000000536178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a0f6ed5214951c2021-12-21 11:30:53.944root 11241100x8000000000000000536179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c439060296306b052021-12-21 11:30:53.944root 11241100x8000000000000000536180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431662f5f6eb44272021-12-21 11:30:53.944root 11241100x8000000000000000536181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f880431e9fcb7a92021-12-21 11:30:53.944root 11241100x8000000000000000536182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0db48a1c40ae86e2021-12-21 11:30:53.944root 354300x8000000000000000536183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.093{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48648-false10.0.1.12-8000- 11241100x8000000000000000536184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8cf6cb01944c8f2021-12-21 11:30:54.443root 11241100x8000000000000000536185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc439fe8a2647d62021-12-21 11:30:54.443root 11241100x8000000000000000536186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714a9f5ea70702632021-12-21 11:30:54.443root 11241100x8000000000000000536187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3107516e823dbf972021-12-21 11:30:54.443root 11241100x8000000000000000536188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285c2c49c43b29882021-12-21 11:30:54.444root 11241100x8000000000000000536189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1019674a50a7c22021-12-21 11:30:54.444root 11241100x8000000000000000536190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41637f20a3bb79c62021-12-21 11:30:54.444root 11241100x8000000000000000536191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4602f5e14ba89682021-12-21 11:30:54.444root 11241100x8000000000000000536192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5edb1748a8a82c82021-12-21 11:30:54.444root 11241100x8000000000000000536193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46d9a59a66f302b2021-12-21 11:30:54.444root 11241100x8000000000000000536194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392e9cdc6dc6e36f2021-12-21 11:30:54.444root 11241100x8000000000000000536195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9836b9b13948ab2021-12-21 11:30:54.444root 11241100x8000000000000000536196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ea1f692a853cd32021-12-21 11:30:54.444root 11241100x8000000000000000536197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13d513cdeaac0152021-12-21 11:30:54.444root 11241100x8000000000000000536198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083bd8010b02927f2021-12-21 11:30:54.444root 11241100x8000000000000000536199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa118dee37a019222021-12-21 11:30:54.444root 11241100x8000000000000000536200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a20361762b1bd8f2021-12-21 11:30:54.444root 11241100x8000000000000000536201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1ca4446f1215002021-12-21 11:30:54.444root 11241100x8000000000000000536202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1fc472617f11102021-12-21 11:30:54.943root 11241100x8000000000000000536203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253663ea67ee98dc2021-12-21 11:30:54.943root 11241100x8000000000000000536204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c7b51e4344202b2021-12-21 11:30:54.943root 11241100x8000000000000000536205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525c8c840aaa64e92021-12-21 11:30:54.943root 11241100x8000000000000000536206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abcd8b51a1457ee2021-12-21 11:30:54.943root 11241100x8000000000000000536207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951908ce206b3e832021-12-21 11:30:54.944root 11241100x8000000000000000536208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721d802072411f2b2021-12-21 11:30:54.944root 11241100x8000000000000000536209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebc7fba3adc53252021-12-21 11:30:54.944root 11241100x8000000000000000536210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e122c574d157112021-12-21 11:30:54.944root 11241100x8000000000000000536211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767512e7d02ba23c2021-12-21 11:30:54.944root 11241100x8000000000000000536212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5bfebe6eba69092021-12-21 11:30:54.944root 11241100x8000000000000000536213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5ebeabd4bd5cc82021-12-21 11:30:54.944root 11241100x8000000000000000536214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7c50c82716eda52021-12-21 11:30:54.944root 11241100x8000000000000000536215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8db6ebf53464aae2021-12-21 11:30:54.944root 11241100x8000000000000000536216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff508aa66ca5946e2021-12-21 11:30:54.944root 11241100x8000000000000000536217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dafc05a6296bae22021-12-21 11:30:54.944root 11241100x8000000000000000536218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770c0fa533b2bad32021-12-21 11:30:54.944root 11241100x8000000000000000536219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a807220c35e71b2021-12-21 11:30:54.944root 11241100x8000000000000000536220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef174aaccc119f22021-12-21 11:30:55.443root 11241100x8000000000000000536221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a589aee0b86f806c2021-12-21 11:30:55.443root 11241100x8000000000000000536222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7bd0173d3f08e22021-12-21 11:30:55.444root 11241100x8000000000000000536223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840d7deadee5b2e12021-12-21 11:30:55.444root 11241100x8000000000000000536224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c3ad12b4a70d2d2021-12-21 11:30:55.444root 11241100x8000000000000000536225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2914a0f3b8b4ffa42021-12-21 11:30:55.444root 11241100x8000000000000000536226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8abfcb1f1c00dd2021-12-21 11:30:55.444root 11241100x8000000000000000536227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811d90306b3a921c2021-12-21 11:30:55.444root 11241100x8000000000000000536228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7587fbc9b12cb5012021-12-21 11:30:55.444root 11241100x8000000000000000536229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a83829280e0e912021-12-21 11:30:55.444root 11241100x8000000000000000536230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94289908358c4ebf2021-12-21 11:30:55.444root 11241100x8000000000000000536231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54a1e2d0a69a7b02021-12-21 11:30:55.444root 11241100x8000000000000000536232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d279f86c555c0dc2021-12-21 11:30:55.444root 11241100x8000000000000000536233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb64515c97640a822021-12-21 11:30:55.444root 11241100x8000000000000000536234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f15ae01cd6429f92021-12-21 11:30:55.444root 11241100x8000000000000000536235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18b80c507bb34512021-12-21 11:30:55.444root 11241100x8000000000000000536236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f609a762cb60fcdf2021-12-21 11:30:55.444root 11241100x8000000000000000536237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b2637f1ae032422021-12-21 11:30:55.445root 11241100x8000000000000000536238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76b21839f8ed0192021-12-21 11:30:55.943root 11241100x8000000000000000536239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa2aa3169f7dfa32021-12-21 11:30:55.943root 11241100x8000000000000000536240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c60de8dd9074552021-12-21 11:30:55.943root 11241100x8000000000000000536241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff942c8fc8e4eba02021-12-21 11:30:55.943root 11241100x8000000000000000536242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a47cd4b364e4e22021-12-21 11:30:55.943root 11241100x8000000000000000536243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a19d701fa8e9712021-12-21 11:30:55.944root 11241100x8000000000000000536244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab60eacb4960d12e2021-12-21 11:30:55.944root 11241100x8000000000000000536245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a3d434978f86c42021-12-21 11:30:55.944root 11241100x8000000000000000536246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060ec4dd5b3303592021-12-21 11:30:55.944root 11241100x8000000000000000536247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3b30137fc31f232021-12-21 11:30:55.944root 11241100x8000000000000000536248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e533dc745b83a4bb2021-12-21 11:30:55.944root 11241100x8000000000000000536249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fd957e4ac4c7cd2021-12-21 11:30:55.944root 11241100x8000000000000000536250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28562361ab3e40a72021-12-21 11:30:55.944root 11241100x8000000000000000536251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1becc68eec066cfe2021-12-21 11:30:55.944root 11241100x8000000000000000536252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3b98ce0e9849bb2021-12-21 11:30:55.944root 11241100x8000000000000000536253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e984fecb69539b02021-12-21 11:30:55.944root 11241100x8000000000000000536254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0723b480bcf0a4082021-12-21 11:30:55.944root 11241100x8000000000000000536255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def21e8d597c4a492021-12-21 11:30:55.944root 11241100x8000000000000000536256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c5d31105d117ca2021-12-21 11:30:56.443root 11241100x8000000000000000536257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc7a55799f941a62021-12-21 11:30:56.443root 11241100x8000000000000000536258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e208df6f1037f62021-12-21 11:30:56.443root 11241100x8000000000000000536259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534004217f17126a2021-12-21 11:30:56.443root 11241100x8000000000000000536260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ae7f22446bd5252021-12-21 11:30:56.443root 11241100x8000000000000000536261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0031477867cd6d92021-12-21 11:30:56.444root 11241100x8000000000000000536262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bcec6593a1ff602021-12-21 11:30:56.444root 11241100x8000000000000000536263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb863f8c71e6632b2021-12-21 11:30:56.444root 11241100x8000000000000000536264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7004e58d658cbd152021-12-21 11:30:56.444root 11241100x8000000000000000536265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0232658a08653a5a2021-12-21 11:30:56.444root 11241100x8000000000000000536266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664de0ff7dab873f2021-12-21 11:30:56.444root 11241100x8000000000000000536267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca17947b42930762021-12-21 11:30:56.444root 11241100x8000000000000000536268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b39c2c0bd39114e2021-12-21 11:30:56.444root 11241100x8000000000000000536269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4885a606072ae35b2021-12-21 11:30:56.444root 11241100x8000000000000000536270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a16118c68bef142021-12-21 11:30:56.444root 11241100x8000000000000000536271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ac385a1b10caa52021-12-21 11:30:56.444root 11241100x8000000000000000536272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e523ddfb7eefeff02021-12-21 11:30:56.444root 11241100x8000000000000000536273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880d6ce3fc9eb1872021-12-21 11:30:56.444root 11241100x8000000000000000536274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165e08326aebc6b22021-12-21 11:30:56.943root 11241100x8000000000000000536275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6647f61a8610f12021-12-21 11:30:56.943root 11241100x8000000000000000536276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1864f1fd239087ff2021-12-21 11:30:56.943root 11241100x8000000000000000536277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2aabb056e4f9a822021-12-21 11:30:56.943root 11241100x8000000000000000536278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c042ecedc8b1da2021-12-21 11:30:56.943root 11241100x8000000000000000536279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e97b05c95b4bbff2021-12-21 11:30:56.944root 11241100x8000000000000000536280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f80b5a1547785f42021-12-21 11:30:56.944root 11241100x8000000000000000536281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11880df01b0b44db2021-12-21 11:30:56.944root 11241100x8000000000000000536282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1193ad2fcd88aa2021-12-21 11:30:56.944root 11241100x8000000000000000536283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2345fa65d85007722021-12-21 11:30:56.944root 11241100x8000000000000000536284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb07b67d307403d62021-12-21 11:30:56.944root 11241100x8000000000000000536285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5768c1b0123e24c42021-12-21 11:30:56.944root 11241100x8000000000000000536286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b358e75ead6b842021-12-21 11:30:56.944root 11241100x8000000000000000536287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6848c56463a0262021-12-21 11:30:56.944root 11241100x8000000000000000536288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbf65261867827f2021-12-21 11:30:56.944root 11241100x8000000000000000536289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf88fe245ab03f272021-12-21 11:30:56.944root 11241100x8000000000000000536290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d290dd93d188ee6a2021-12-21 11:30:56.944root 11241100x8000000000000000536291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58133d68ea8d70f2021-12-21 11:30:56.944root 11241100x8000000000000000536292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebf69c3558bc4712021-12-21 11:30:57.443root 11241100x8000000000000000536293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2429ca4d9e5d26912021-12-21 11:30:57.443root 11241100x8000000000000000536294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4bd3dc0887baf22021-12-21 11:30:57.443root 11241100x8000000000000000536295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb15c0a1834839c62021-12-21 11:30:57.443root 11241100x8000000000000000536296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df18a868a9285e62021-12-21 11:30:57.443root 11241100x8000000000000000536297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3619c7e9c3969b2021-12-21 11:30:57.444root 11241100x8000000000000000536298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107547535ef0d4062021-12-21 11:30:57.444root 11241100x8000000000000000536299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66f4f6185b38dcd2021-12-21 11:30:57.444root 11241100x8000000000000000536300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd063272d570fc6d2021-12-21 11:30:57.444root 11241100x8000000000000000536301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b622d3c567c0827e2021-12-21 11:30:57.444root 11241100x8000000000000000536302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3b7eb9266609312021-12-21 11:30:57.444root 11241100x8000000000000000536303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b245cb7994e8ec642021-12-21 11:30:57.444root 11241100x8000000000000000536304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc06a9623a6a3f452021-12-21 11:30:57.444root 11241100x8000000000000000536305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fb4c5747b8aa392021-12-21 11:30:57.444root 11241100x8000000000000000536306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff57ed2a10a778da2021-12-21 11:30:57.444root 11241100x8000000000000000536307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8858d3faf7deb0b2021-12-21 11:30:57.444root 11241100x8000000000000000536308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a1a967c5515cff2021-12-21 11:30:57.444root 11241100x8000000000000000536309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec70f113b68988992021-12-21 11:30:57.444root 11241100x8000000000000000536310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee00298a7d6e5ef2021-12-21 11:30:57.943root 11241100x8000000000000000536311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59e82541d4b253f2021-12-21 11:30:57.943root 11241100x8000000000000000536312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104951ac57b8b9302021-12-21 11:30:57.944root 11241100x8000000000000000536313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cf61cd05ebdb962021-12-21 11:30:57.944root 11241100x8000000000000000536314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147442624a4f796a2021-12-21 11:30:57.944root 11241100x8000000000000000536315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e73eebfefec685b2021-12-21 11:30:57.944root 11241100x8000000000000000536316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9189101eebb6ea8e2021-12-21 11:30:57.944root 11241100x8000000000000000536317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da68a54c8b8654602021-12-21 11:30:57.944root 11241100x8000000000000000536318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5a77a2c953b5552021-12-21 11:30:57.944root 11241100x8000000000000000536319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41eca22d9fda16922021-12-21 11:30:57.944root 11241100x8000000000000000536320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53d146a61630e4f2021-12-21 11:30:57.944root 11241100x8000000000000000536321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7e9a8a799924712021-12-21 11:30:57.944root 11241100x8000000000000000536322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fef695c9253a362021-12-21 11:30:57.944root 11241100x8000000000000000536323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866120c1dd0dd6012021-12-21 11:30:57.944root 11241100x8000000000000000536324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae004ca53e5ec6c22021-12-21 11:30:57.944root 11241100x8000000000000000536325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15684961c4f237102021-12-21 11:30:57.944root 11241100x8000000000000000536326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa9405abee7b7662021-12-21 11:30:57.944root 11241100x8000000000000000536327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb87c3a73f5f7812021-12-21 11:30:57.944root 11241100x8000000000000000536328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d61bfd78e587b1b2021-12-21 11:30:58.443root 11241100x8000000000000000536329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1e29e4ef16d1df2021-12-21 11:30:58.443root 11241100x8000000000000000536330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a29be4c38ef07f2021-12-21 11:30:58.443root 11241100x8000000000000000536331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf0212ef6bd68ff2021-12-21 11:30:58.443root 11241100x8000000000000000536332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bad4eab88e67732021-12-21 11:30:58.443root 11241100x8000000000000000536333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a647193202b7abf2021-12-21 11:30:58.444root 11241100x8000000000000000536334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0067eb1f55f8022021-12-21 11:30:58.444root 11241100x8000000000000000536335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c936b73a1267602e2021-12-21 11:30:58.444root 11241100x8000000000000000536336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48a62a53a553ee52021-12-21 11:30:58.444root 11241100x8000000000000000536337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de85de0ff14005c72021-12-21 11:30:58.444root 11241100x8000000000000000536338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31a0e38e24ca43e2021-12-21 11:30:58.444root 11241100x8000000000000000536339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76193bc7ec24a4c42021-12-21 11:30:58.444root 11241100x8000000000000000536340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691b21d6db36cfed2021-12-21 11:30:58.444root 11241100x8000000000000000536341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e5dc54b96896a22021-12-21 11:30:58.444root 11241100x8000000000000000536342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3470ea471f70092021-12-21 11:30:58.444root 11241100x8000000000000000536343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac614a037f618f72021-12-21 11:30:58.444root 11241100x8000000000000000536344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc2d7ad1b7095012021-12-21 11:30:58.444root 11241100x8000000000000000536345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e47ebe9765cc332021-12-21 11:30:58.444root 11241100x8000000000000000536346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3aa3cbcab1580e52021-12-21 11:30:58.943root 11241100x8000000000000000536347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5528b5f7089dbe372021-12-21 11:30:58.943root 11241100x8000000000000000536348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812f25a3046916422021-12-21 11:30:58.943root 11241100x8000000000000000536349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575add82d915d9b22021-12-21 11:30:58.943root 11241100x8000000000000000536350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200121d83929d4fd2021-12-21 11:30:58.943root 11241100x8000000000000000536351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee89387e5bf3d1c62021-12-21 11:30:58.944root 11241100x8000000000000000536352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e6a52c016853d82021-12-21 11:30:58.944root 11241100x8000000000000000536353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2668bfb58086be152021-12-21 11:30:58.944root 11241100x8000000000000000536354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd02efb9f0208cf2021-12-21 11:30:58.944root 11241100x8000000000000000536355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d988d79472ffb212021-12-21 11:30:58.944root 11241100x8000000000000000536356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7fb397dc12b3242021-12-21 11:30:58.944root 11241100x8000000000000000536357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b412fa1a6179132021-12-21 11:30:58.944root 11241100x8000000000000000536358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48731e58d78afd482021-12-21 11:30:58.944root 11241100x8000000000000000536359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b54ff949d7edf52021-12-21 11:30:58.944root 11241100x8000000000000000536360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf73648e99fe4fdb2021-12-21 11:30:58.944root 11241100x8000000000000000536361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c5e821c5adde922021-12-21 11:30:58.944root 11241100x8000000000000000536362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1852ee6f139d01af2021-12-21 11:30:58.944root 11241100x8000000000000000536363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73483562835ada7a2021-12-21 11:30:58.944root 11241100x8000000000000000536364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dca7db36dccea02021-12-21 11:30:59.443root 11241100x8000000000000000536365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ed0366fd1b98352021-12-21 11:30:59.443root 11241100x8000000000000000536366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1489423e615ed1c52021-12-21 11:30:59.443root 11241100x8000000000000000536367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44ae2f6f11ab6452021-12-21 11:30:59.443root 11241100x8000000000000000536368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943eb9bba253a80b2021-12-21 11:30:59.444root 11241100x8000000000000000536369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d915926e85835be2021-12-21 11:30:59.444root 11241100x8000000000000000536370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eabcefc19504ebc2021-12-21 11:30:59.444root 11241100x8000000000000000536371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f01751c5a43ba42021-12-21 11:30:59.444root 11241100x8000000000000000536372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afce23e7171bef812021-12-21 11:30:59.444root 11241100x8000000000000000536373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8787f981a09ea1b62021-12-21 11:30:59.444root 11241100x8000000000000000536374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7b964685aab7f02021-12-21 11:30:59.444root 11241100x8000000000000000536375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2215065c33867ee42021-12-21 11:30:59.444root 11241100x8000000000000000536376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930872a04fe187712021-12-21 11:30:59.444root 11241100x8000000000000000536377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0ef5b4b17c181d2021-12-21 11:30:59.444root 11241100x8000000000000000536378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12063a86a8455942021-12-21 11:30:59.444root 11241100x8000000000000000536379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff72b65d6adb678f2021-12-21 11:30:59.444root 11241100x8000000000000000536380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8d326ccb22b4442021-12-21 11:30:59.444root 11241100x8000000000000000536381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19786d9ab13047092021-12-21 11:30:59.444root 11241100x8000000000000000536382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5d3bd4e19a1d3c2021-12-21 11:30:59.943root 11241100x8000000000000000536383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723c62a9f26984142021-12-21 11:30:59.943root 11241100x8000000000000000536384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f068f826d9c9311a2021-12-21 11:30:59.943root 11241100x8000000000000000536385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8c46ce2fcca7212021-12-21 11:30:59.943root 11241100x8000000000000000536386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b53f3d09576a532021-12-21 11:30:59.943root 11241100x8000000000000000536387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65a8351483788c62021-12-21 11:30:59.944root 11241100x8000000000000000536388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef74d42b66b4fc62021-12-21 11:30:59.944root 11241100x8000000000000000536389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2493245add2ae9f12021-12-21 11:30:59.944root 11241100x8000000000000000536390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b0629f219ed79f2021-12-21 11:30:59.944root 11241100x8000000000000000536391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c790be9f4d3340f2021-12-21 11:30:59.944root 11241100x8000000000000000536392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0b2693550125412021-12-21 11:30:59.944root 11241100x8000000000000000536393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3f3b9b207051992021-12-21 11:30:59.944root 11241100x8000000000000000536394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda85cc4daf697a42021-12-21 11:30:59.944root 11241100x8000000000000000536395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2dd4bf444c1e4f42021-12-21 11:30:59.944root 11241100x8000000000000000536396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea0e9431d3a93c62021-12-21 11:30:59.944root 11241100x8000000000000000536397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f405fc51bf94292a2021-12-21 11:30:59.944root 11241100x8000000000000000536398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be1a16c065958ce2021-12-21 11:30:59.944root 11241100x8000000000000000536399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e9aa377b6ab6062021-12-21 11:30:59.944root 354300x8000000000000000536400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.079{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48650-false10.0.1.12-8000- 11241100x8000000000000000536401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99345b66f1350d342021-12-21 11:31:00.443root 11241100x8000000000000000536402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6d09356900259c2021-12-21 11:31:00.443root 11241100x8000000000000000536403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60bde5d1b44133d2021-12-21 11:31:00.443root 11241100x8000000000000000536404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3808b5f06a6180842021-12-21 11:31:00.444root 11241100x8000000000000000536405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ecf6ce8ef4cfbb2021-12-21 11:31:00.444root 11241100x8000000000000000536406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d38bf4d48d37b492021-12-21 11:31:00.444root 11241100x8000000000000000536407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78b12292471161e2021-12-21 11:31:00.444root 11241100x8000000000000000536408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf7bc2853493d1a2021-12-21 11:31:00.444root 11241100x8000000000000000536409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0095364fa63300c2021-12-21 11:31:00.444root 11241100x8000000000000000536410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9992c0e0b5a4212021-12-21 11:31:00.444root 11241100x8000000000000000536411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53976e00e7520fd2021-12-21 11:31:00.444root 11241100x8000000000000000536412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40592e521b48a4c12021-12-21 11:31:00.444root 11241100x8000000000000000536413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f34eb6fe99227fc2021-12-21 11:31:00.444root 11241100x8000000000000000536414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b87e11a064cfe22021-12-21 11:31:00.444root 11241100x8000000000000000536415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2489f39f4e73af962021-12-21 11:31:00.444root 11241100x8000000000000000536416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdd134b164b14722021-12-21 11:31:00.444root 11241100x8000000000000000536417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02e719758ec14e02021-12-21 11:31:00.444root 11241100x8000000000000000536418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880fe057a56836382021-12-21 11:31:00.444root 11241100x8000000000000000536419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c274a148dc872292021-12-21 11:31:00.445root 11241100x8000000000000000536420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fe0895417f03f92021-12-21 11:31:00.943root 11241100x8000000000000000536421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196b3a54963cbdd12021-12-21 11:31:00.943root 11241100x8000000000000000536422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8d3bf334c2194d2021-12-21 11:31:00.943root 11241100x8000000000000000536423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d4c2008124bc9b2021-12-21 11:31:00.943root 11241100x8000000000000000536424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7320695a6a0639e52021-12-21 11:31:00.944root 11241100x8000000000000000536425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c057cb1a48a4102021-12-21 11:31:00.944root 11241100x8000000000000000536426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37e9d38e6bbe3bb2021-12-21 11:31:00.944root 11241100x8000000000000000536427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a7f791e81fed982021-12-21 11:31:00.944root 11241100x8000000000000000536428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8dcbf0e192818a2021-12-21 11:31:00.944root 11241100x8000000000000000536429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6308207f4d06085f2021-12-21 11:31:00.944root 11241100x8000000000000000536430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f880dd36fe63072021-12-21 11:31:00.944root 11241100x8000000000000000536431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75f5efe2ff7d1912021-12-21 11:31:00.944root 11241100x8000000000000000536432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fe22e681909fa22021-12-21 11:31:00.944root 11241100x8000000000000000536433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd391c772ee875bf2021-12-21 11:31:00.944root 11241100x8000000000000000536434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c516abed53b3f32021-12-21 11:31:00.944root 11241100x8000000000000000536435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a242f36ec40a9c212021-12-21 11:31:00.945root 11241100x8000000000000000536436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35a583674ffe1162021-12-21 11:31:00.945root 11241100x8000000000000000536437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff1cd07d5b1016b2021-12-21 11:31:00.945root 11241100x8000000000000000536438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b21ebc7d8fa46d2021-12-21 11:31:00.945root 11241100x8000000000000000536439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b88c85b9e433d82021-12-21 11:31:01.443root 11241100x8000000000000000536440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ada3bc50a14e992021-12-21 11:31:01.443root 11241100x8000000000000000536441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e256b5a2347441642021-12-21 11:31:01.443root 11241100x8000000000000000536442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ab94ac22ed3fb32021-12-21 11:31:01.443root 11241100x8000000000000000536443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c076d1d6213a4a8e2021-12-21 11:31:01.444root 11241100x8000000000000000536444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f887c730367ff22021-12-21 11:31:01.444root 11241100x8000000000000000536445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000d8d75814924502021-12-21 11:31:01.444root 11241100x8000000000000000536446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f642118880c1df32021-12-21 11:31:01.444root 11241100x8000000000000000536447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bedea40568a29c2021-12-21 11:31:01.444root 11241100x8000000000000000536448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a1d72a0f21d8782021-12-21 11:31:01.444root 11241100x8000000000000000536449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48516c2665ffcb52021-12-21 11:31:01.444root 11241100x8000000000000000536450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e2cad4411794e42021-12-21 11:31:01.444root 11241100x8000000000000000536451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2089c45f7fb8ac662021-12-21 11:31:01.444root 11241100x8000000000000000536452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c6cf019c19eda32021-12-21 11:31:01.444root 11241100x8000000000000000536453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916e2aad23b43ee12021-12-21 11:31:01.444root 11241100x8000000000000000536454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fabf336b5d2b852021-12-21 11:31:01.444root 11241100x8000000000000000536455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb16afb587cb0e12021-12-21 11:31:01.444root 11241100x8000000000000000536456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b51f281fe0de3cb2021-12-21 11:31:01.444root 11241100x8000000000000000536457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872947131eb921262021-12-21 11:31:01.444root 11241100x8000000000000000536458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef002fd54fbb3f2a2021-12-21 11:31:01.943root 11241100x8000000000000000536459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54948aca0414f9ab2021-12-21 11:31:01.943root 11241100x8000000000000000536460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c6f958ca115c2b2021-12-21 11:31:01.943root 11241100x8000000000000000536461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1cf4f0da5953622021-12-21 11:31:01.943root 11241100x8000000000000000536462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c838efb33f517e2021-12-21 11:31:01.944root 11241100x8000000000000000536463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecce9f39acf17722021-12-21 11:31:01.944root 11241100x8000000000000000536464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78aa2a0fcb74d5752021-12-21 11:31:01.944root 11241100x8000000000000000536465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53125b971063a172021-12-21 11:31:01.944root 11241100x8000000000000000536466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca652ff71ff295562021-12-21 11:31:01.944root 11241100x8000000000000000536467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32c91e6c69973642021-12-21 11:31:01.944root 11241100x8000000000000000536468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a137b6efe48a1e2021-12-21 11:31:01.944root 11241100x8000000000000000536469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab0cf83387a79f82021-12-21 11:31:01.944root 11241100x8000000000000000536470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af38be8f629c1962021-12-21 11:31:01.944root 11241100x8000000000000000536471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf03259b9f94a2892021-12-21 11:31:01.944root 11241100x8000000000000000536472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d459f1cf01147ac92021-12-21 11:31:01.944root 11241100x8000000000000000536473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a3e8baea3d00cc2021-12-21 11:31:01.944root 11241100x8000000000000000536474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10576443ddef30e12021-12-21 11:31:01.944root 11241100x8000000000000000536475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649eb4161541074a2021-12-21 11:31:01.944root 11241100x8000000000000000536476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8fb1368cb588b72021-12-21 11:31:01.944root 11241100x8000000000000000536477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e580408fffd8be152021-12-21 11:31:02.443root 11241100x8000000000000000536478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17dcde5791702982021-12-21 11:31:02.443root 11241100x8000000000000000536479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccc4cc6d7e4d8e82021-12-21 11:31:02.443root 11241100x8000000000000000536480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb1f6f486226f0c2021-12-21 11:31:02.443root 11241100x8000000000000000536481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1fea2b4e18d76d2021-12-21 11:31:02.443root 11241100x8000000000000000536482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a437ab74b0eae5072021-12-21 11:31:02.444root 11241100x8000000000000000536483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf9d169c3c987f72021-12-21 11:31:02.444root 11241100x8000000000000000536484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a12ea2e2d8ffa342021-12-21 11:31:02.444root 11241100x8000000000000000536485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed81041b341ac032021-12-21 11:31:02.444root 11241100x8000000000000000536486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dde57f83e0f0f182021-12-21 11:31:02.444root 11241100x8000000000000000536487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab5d829dc587fed2021-12-21 11:31:02.444root 11241100x8000000000000000536488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc196b1218a537b2021-12-21 11:31:02.444root 11241100x8000000000000000536489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6398651717c13d2021-12-21 11:31:02.444root 11241100x8000000000000000536490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8c2fbd6bbc61742021-12-21 11:31:02.444root 11241100x8000000000000000536491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d706e0436f465582021-12-21 11:31:02.444root 11241100x8000000000000000536492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d083ae9b09954d2021-12-21 11:31:02.444root 11241100x8000000000000000536493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c372d59150e61ebf2021-12-21 11:31:02.444root 11241100x8000000000000000536494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c6e8089cd85af12021-12-21 11:31:02.444root 11241100x8000000000000000536495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefbd6210c6553ea2021-12-21 11:31:02.444root 11241100x8000000000000000536496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3c79a51ced1d4c2021-12-21 11:31:02.943root 11241100x8000000000000000536497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afaca544b62334d82021-12-21 11:31:02.943root 11241100x8000000000000000536498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cfacde60d38d91c2021-12-21 11:31:02.943root 11241100x8000000000000000536499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c22dffa879f49ca2021-12-21 11:31:02.943root 11241100x8000000000000000536500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c695df4d857f08322021-12-21 11:31:02.944root 11241100x8000000000000000536501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ee6e04b15dcfed2021-12-21 11:31:02.944root 11241100x8000000000000000536502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed59d80abd743612021-12-21 11:31:02.944root 11241100x8000000000000000536503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432be53141cb99e22021-12-21 11:31:02.944root 11241100x8000000000000000536504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3a22f4b48d29172021-12-21 11:31:02.944root 11241100x8000000000000000536505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9541f21294a5b60e2021-12-21 11:31:02.944root 11241100x8000000000000000536506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2da83015d2e00e2021-12-21 11:31:02.944root 11241100x8000000000000000536507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c9244d32b9ba9f2021-12-21 11:31:02.944root 11241100x8000000000000000536508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2303f2680220413d2021-12-21 11:31:02.944root 11241100x8000000000000000536509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133222af40d04bdc2021-12-21 11:31:02.944root 11241100x8000000000000000536510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94b609d06aec1212021-12-21 11:31:02.944root 11241100x8000000000000000536511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a12b3db3c2e8b692021-12-21 11:31:02.944root 11241100x8000000000000000536512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592c26ae6ee40e6e2021-12-21 11:31:02.944root 11241100x8000000000000000536513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef98518a7c76e2a82021-12-21 11:31:02.944root 11241100x8000000000000000536514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601ae32bfe8bfb4d2021-12-21 11:31:02.944root 11241100x8000000000000000536515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2385fbcc6f0012b12021-12-21 11:31:03.443root 11241100x8000000000000000536516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d57e187bd7b90d2021-12-21 11:31:03.443root 11241100x8000000000000000536517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d4e2824d3e583c2021-12-21 11:31:03.443root 11241100x8000000000000000536518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce25672639379f512021-12-21 11:31:03.443root 11241100x8000000000000000536519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bcb8aefa4cf70b2021-12-21 11:31:03.444root 11241100x8000000000000000536520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec48f5d29f348da2021-12-21 11:31:03.444root 11241100x8000000000000000536521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f832c7b7c5cbac2021-12-21 11:31:03.444root 11241100x8000000000000000536522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908955e53bcd3ab42021-12-21 11:31:03.444root 11241100x8000000000000000536523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48bdf2d20e321112021-12-21 11:31:03.444root 11241100x8000000000000000536524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f3efc464cc80472021-12-21 11:31:03.444root 11241100x8000000000000000536525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631f7d7eaf19af752021-12-21 11:31:03.444root 11241100x8000000000000000536526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82418fcbedaee65a2021-12-21 11:31:03.444root 11241100x8000000000000000536527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c84584656ecf412021-12-21 11:31:03.444root 11241100x8000000000000000536528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede0abd8d8d022fa2021-12-21 11:31:03.444root 11241100x8000000000000000536529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252ea145efd613792021-12-21 11:31:03.444root 11241100x8000000000000000536530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f23c2d77761c4912021-12-21 11:31:03.444root 11241100x8000000000000000536531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d570be47ff5c302021-12-21 11:31:03.444root 11241100x8000000000000000536532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d68dd68d3ebd5762021-12-21 11:31:03.444root 11241100x8000000000000000536533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d704211a7502d872021-12-21 11:31:03.444root 11241100x8000000000000000536534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d286302f7ff35482021-12-21 11:31:03.943root 11241100x8000000000000000536535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d947ecfac19b2b452021-12-21 11:31:03.943root 11241100x8000000000000000536536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a302952f07a57d2021-12-21 11:31:03.943root 11241100x8000000000000000536537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f3f6edd5ca1e192021-12-21 11:31:03.943root 11241100x8000000000000000536538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbab8e16de69ab0b2021-12-21 11:31:03.944root 11241100x8000000000000000536539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75fc9acbd29bdfa2021-12-21 11:31:03.944root 11241100x8000000000000000536540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fadcc27b711008e72021-12-21 11:31:03.944root 11241100x8000000000000000536541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0588776f75722e2e2021-12-21 11:31:03.944root 11241100x8000000000000000536542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0905d7318b42ee72021-12-21 11:31:03.944root 11241100x8000000000000000536543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4cb1d04f7859692021-12-21 11:31:03.944root 11241100x8000000000000000536544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c5668565467f3c2021-12-21 11:31:03.944root 11241100x8000000000000000536545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc24bb2d554b38972021-12-21 11:31:03.944root 11241100x8000000000000000536546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc178d28ada04bc2021-12-21 11:31:03.944root 11241100x8000000000000000536547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fac8c38a48db8242021-12-21 11:31:03.944root 11241100x8000000000000000536548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba77947ef24ed6582021-12-21 11:31:03.944root 11241100x8000000000000000536549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189b231a3181f2ec2021-12-21 11:31:03.944root 11241100x8000000000000000536550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf8fada689007fa2021-12-21 11:31:03.944root 11241100x8000000000000000536551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6729a09d713f7dc2021-12-21 11:31:03.944root 11241100x8000000000000000536552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4a8e67b10908592021-12-21 11:31:03.944root 11241100x8000000000000000536553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8555ee4ea1ffb9e2021-12-21 11:31:04.443root 11241100x8000000000000000536554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a768305f2c960e52021-12-21 11:31:04.443root 11241100x8000000000000000536555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626acb87902b80ff2021-12-21 11:31:04.443root 11241100x8000000000000000536556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76acaccfaf5f87ab2021-12-21 11:31:04.443root 11241100x8000000000000000536557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26617470060da7182021-12-21 11:31:04.444root 11241100x8000000000000000536558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9381fc14c737552021-12-21 11:31:04.444root 11241100x8000000000000000536559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c643fec422e05c3d2021-12-21 11:31:04.444root 11241100x8000000000000000536560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b334bcde3951f1fc2021-12-21 11:31:04.444root 11241100x8000000000000000536561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b729033e9b4db9aa2021-12-21 11:31:04.444root 11241100x8000000000000000536562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10c95ef2e27ddd52021-12-21 11:31:04.444root 11241100x8000000000000000536563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf895de928521412021-12-21 11:31:04.444root 11241100x8000000000000000536564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9478f8bf0fd3db5e2021-12-21 11:31:04.444root 11241100x8000000000000000536565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2581dc8e97bd70732021-12-21 11:31:04.444root 11241100x8000000000000000536566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8aab46f2afd60512021-12-21 11:31:04.444root 11241100x8000000000000000536567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc675cb748fb08982021-12-21 11:31:04.444root 11241100x8000000000000000536568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a4f395f95805692021-12-21 11:31:04.444root 11241100x8000000000000000536569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0166b8fcc448188f2021-12-21 11:31:04.444root 11241100x8000000000000000536570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7917a5577783c22021-12-21 11:31:04.444root 11241100x8000000000000000536571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22afe07e068493b2021-12-21 11:31:04.444root 11241100x8000000000000000536572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14eca463a699e47b2021-12-21 11:31:04.943root 11241100x8000000000000000536573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65ac0825c678f082021-12-21 11:31:04.943root 11241100x8000000000000000536574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8df7717a3ea5b22021-12-21 11:31:04.943root 11241100x8000000000000000536575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8b3052b3865afd2021-12-21 11:31:04.944root 11241100x8000000000000000536576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40501f0885b5f312021-12-21 11:31:04.944root 11241100x8000000000000000536577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189b315c22777a582021-12-21 11:31:04.944root 11241100x8000000000000000536578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a52fbeda54edbf2021-12-21 11:31:04.944root 11241100x8000000000000000536579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf4f972e668807e2021-12-21 11:31:04.944root 11241100x8000000000000000536580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b087a3ec29dba99f2021-12-21 11:31:04.944root 11241100x8000000000000000536581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c01bc86ae575f72021-12-21 11:31:04.944root 11241100x8000000000000000536582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f9a4eff87e8e152021-12-21 11:31:04.944root 11241100x8000000000000000536583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d91a4b30aac3a72021-12-21 11:31:04.944root 11241100x8000000000000000536584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede8c8084168fa212021-12-21 11:31:04.944root 11241100x8000000000000000536585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a427ce82cf517e1a2021-12-21 11:31:04.944root 11241100x8000000000000000536586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c8aee1b4c2bd122021-12-21 11:31:04.944root 11241100x8000000000000000536587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41642654ed7089f42021-12-21 11:31:04.944root 11241100x8000000000000000536588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1396b105973d1d2021-12-21 11:31:04.944root 11241100x8000000000000000536589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9ceec29e171bee2021-12-21 11:31:04.944root 11241100x8000000000000000536590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6273d7d9f230c5962021-12-21 11:31:04.944root 354300x8000000000000000536591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.104{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48652-false10.0.1.12-8000- 11241100x8000000000000000536592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f2a0480993fa3e2021-12-21 11:31:05.443root 11241100x8000000000000000536593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34db09c3928583ce2021-12-21 11:31:05.444root 11241100x8000000000000000536594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbd32eca5223b842021-12-21 11:31:05.444root 11241100x8000000000000000536595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0457d2acc07ffee52021-12-21 11:31:05.444root 11241100x8000000000000000536596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7659472af34dd5a92021-12-21 11:31:05.444root 11241100x8000000000000000536597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acede31408408c32021-12-21 11:31:05.444root 11241100x8000000000000000536598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab0e4abff9833ae2021-12-21 11:31:05.444root 11241100x8000000000000000536599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3cba48ca0aaf022021-12-21 11:31:05.444root 11241100x8000000000000000536600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39d078b7462a1f62021-12-21 11:31:05.444root 11241100x8000000000000000536601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f59bd3449799492021-12-21 11:31:05.444root 11241100x8000000000000000536602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea41db41e3fd90c2021-12-21 11:31:05.444root 11241100x8000000000000000536603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2b83e994042fe52021-12-21 11:31:05.444root 11241100x8000000000000000536604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c2265d264a75e02021-12-21 11:31:05.444root 11241100x8000000000000000536605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf5dadb9a1975902021-12-21 11:31:05.444root 11241100x8000000000000000536606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f055dad9713dfe2021-12-21 11:31:05.444root 11241100x8000000000000000536607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8929a7e940099e2021-12-21 11:31:05.444root 11241100x8000000000000000536608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b7ebfb3a139b642021-12-21 11:31:05.445root 11241100x8000000000000000536609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec52edc6083b0f32021-12-21 11:31:05.445root 11241100x8000000000000000536610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873a12b004c007242021-12-21 11:31:05.445root 11241100x8000000000000000536611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1174bf7c7ee134132021-12-21 11:31:05.445root 11241100x8000000000000000536612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912ae323ef7234a42021-12-21 11:31:05.943root 11241100x8000000000000000536613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42769f31603711c2021-12-21 11:31:05.944root 11241100x8000000000000000536614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30a9a373eed41052021-12-21 11:31:05.944root 11241100x8000000000000000536615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bab93dac8f76672021-12-21 11:31:05.944root 11241100x8000000000000000536616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031321a1893248fc2021-12-21 11:31:05.944root 11241100x8000000000000000536617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf62c6a8301b07bc2021-12-21 11:31:05.944root 11241100x8000000000000000536618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0f5bd4ffe6852e2021-12-21 11:31:05.944root 11241100x8000000000000000536619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1526ab5f1abec8892021-12-21 11:31:05.944root 11241100x8000000000000000536620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2e2541599411ba2021-12-21 11:31:05.945root 11241100x8000000000000000536621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651da9ca23e70cb32021-12-21 11:31:05.945root 11241100x8000000000000000536622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f8b29e2f93dd632021-12-21 11:31:05.945root 11241100x8000000000000000536623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a213fa685a2c0fbd2021-12-21 11:31:05.945root 11241100x8000000000000000536624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a5aed7f43de3332021-12-21 11:31:05.945root 11241100x8000000000000000536625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007f6e3b2dc454ab2021-12-21 11:31:05.945root 11241100x8000000000000000536626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b926545935b84dc2021-12-21 11:31:05.945root 11241100x8000000000000000536627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b0a7dfc742f60f2021-12-21 11:31:05.945root 11241100x8000000000000000536628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a50b138bc0505e62021-12-21 11:31:05.945root 11241100x8000000000000000536629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51f21fcc66b5b7d2021-12-21 11:31:05.945root 11241100x8000000000000000536630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f9049a0c897ed32021-12-21 11:31:05.945root 11241100x8000000000000000536631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebe709438b8695a2021-12-21 11:31:05.946root 11241100x8000000000000000536632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.326{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:31:06.326root 11241100x8000000000000000536633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729ea9ab7480ed812021-12-21 11:31:06.327root 11241100x8000000000000000536634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3f3d9929ca97752021-12-21 11:31:06.327root 11241100x8000000000000000536635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c840d9f706c3912021-12-21 11:31:06.328root 11241100x8000000000000000536636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde6ec37a24afdc42021-12-21 11:31:06.328root 11241100x8000000000000000536637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a5447dd60c61342021-12-21 11:31:06.328root 11241100x8000000000000000536638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ef363de304082a2021-12-21 11:31:06.328root 11241100x8000000000000000536639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bcab1da30e7bcb2021-12-21 11:31:06.329root 11241100x8000000000000000536640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d86ebe56a2a8d352021-12-21 11:31:06.329root 11241100x8000000000000000536641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e795b63a1c4142b02021-12-21 11:31:06.329root 11241100x8000000000000000536642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252263ae63bdb91a2021-12-21 11:31:06.329root 11241100x8000000000000000536643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560b10811063e4292021-12-21 11:31:06.329root 11241100x8000000000000000536644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e40d17becf35c952021-12-21 11:31:06.329root 11241100x8000000000000000536645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e096b2c3e92c15cd2021-12-21 11:31:06.329root 11241100x8000000000000000536646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442bcca0d927aa822021-12-21 11:31:06.329root 11241100x8000000000000000536647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae337f6ea323da92021-12-21 11:31:06.329root 11241100x8000000000000000536648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a0451032f9f11b2021-12-21 11:31:06.329root 11241100x8000000000000000536649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f02e03559a56782021-12-21 11:31:06.329root 11241100x8000000000000000536650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a0635b92e816852021-12-21 11:31:06.329root 11241100x8000000000000000536651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3b322ef9df12a72021-12-21 11:31:06.330root 11241100x8000000000000000536652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21753e13baf7bfa02021-12-21 11:31:06.330root 11241100x8000000000000000536653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0e73873dc8c3802021-12-21 11:31:06.330root 11241100x8000000000000000536654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83a71304ad3e4bf2021-12-21 11:31:06.330root 11241100x8000000000000000536655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d550b879f9602b2021-12-21 11:31:06.330root 11241100x8000000000000000536656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d967f57471b6a7802021-12-21 11:31:06.693root 11241100x8000000000000000536657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676f10ce317ab1462021-12-21 11:31:06.693root 11241100x8000000000000000536658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e5d5bf142e1d222021-12-21 11:31:06.693root 11241100x8000000000000000536659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e00db15ad934bd2021-12-21 11:31:06.693root 11241100x8000000000000000536660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce181c7315c982392021-12-21 11:31:06.693root 11241100x8000000000000000536661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83fd816900eb1072021-12-21 11:31:06.693root 11241100x8000000000000000536662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7639bd6134afeb332021-12-21 11:31:06.693root 11241100x8000000000000000536663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ceceb7d006026e2021-12-21 11:31:06.693root 11241100x8000000000000000536664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba83fd083a8a90362021-12-21 11:31:06.694root 11241100x8000000000000000536665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87be02848eba8e4c2021-12-21 11:31:06.694root 11241100x8000000000000000536666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e826ed55b7dec542021-12-21 11:31:06.694root 11241100x8000000000000000536667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8c4e57629ad9f72021-12-21 11:31:06.694root 11241100x8000000000000000536668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d876bd249ac0ed552021-12-21 11:31:06.694root 11241100x8000000000000000536669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07511d45b2c41b752021-12-21 11:31:06.695root 11241100x8000000000000000536670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e93b253626d3c42021-12-21 11:31:06.695root 11241100x8000000000000000536671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7774ea50b92bff902021-12-21 11:31:06.695root 11241100x8000000000000000536672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5e1b3ab9046b632021-12-21 11:31:06.695root 11241100x8000000000000000536673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cefb91833e4d132021-12-21 11:31:06.695root 11241100x8000000000000000536674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051fa675ecc101a82021-12-21 11:31:06.695root 11241100x8000000000000000536675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501ab79849757df82021-12-21 11:31:06.695root 11241100x8000000000000000536676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5236a6d5fe1dcc2021-12-21 11:31:06.695root 11241100x8000000000000000536677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d881f5583b6571922021-12-21 11:31:06.696root 11241100x8000000000000000536678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2787c07c59328c82021-12-21 11:31:06.696root 11241100x8000000000000000536679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4fe23996aa985f2021-12-21 11:31:06.696root 11241100x8000000000000000536680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38edfdc9da7b84e2021-12-21 11:31:06.696root 11241100x8000000000000000536681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b468a1ab3fa034bd2021-12-21 11:31:06.697root 11241100x8000000000000000536682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa590026c22454202021-12-21 11:31:07.193root 11241100x8000000000000000536683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a576404fe9b4c402021-12-21 11:31:07.193root 11241100x8000000000000000536684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f77d211ba5610ad2021-12-21 11:31:07.193root 11241100x8000000000000000536685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bdda7f35528e1e2021-12-21 11:31:07.193root 11241100x8000000000000000536686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb3b98e111d91042021-12-21 11:31:07.193root 11241100x8000000000000000536687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264d047fff4253752021-12-21 11:31:07.194root 11241100x8000000000000000536688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642584fb5e508ded2021-12-21 11:31:07.194root 11241100x8000000000000000536689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2ed399fea9c40b2021-12-21 11:31:07.194root 11241100x8000000000000000536690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93e9bac08b6d8ed2021-12-21 11:31:07.194root 11241100x8000000000000000536691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0845b417145337f2021-12-21 11:31:07.194root 11241100x8000000000000000536692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524c3ae906d1d5ef2021-12-21 11:31:07.194root 11241100x8000000000000000536693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0105e57f74603e862021-12-21 11:31:07.194root 11241100x8000000000000000536694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc93670ba86a3c422021-12-21 11:31:07.194root 11241100x8000000000000000536695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7884e6e380f1e6722021-12-21 11:31:07.194root 11241100x8000000000000000536696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a640bced7bf27e52021-12-21 11:31:07.194root 11241100x8000000000000000536697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814b8858b70020a32021-12-21 11:31:07.194root 11241100x8000000000000000536698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdaf9cbed15c55332021-12-21 11:31:07.194root 11241100x8000000000000000536699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463c385af462f4c82021-12-21 11:31:07.194root 11241100x8000000000000000536700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef66b8d1b034e90b2021-12-21 11:31:07.194root 11241100x8000000000000000536701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527a13d59ea2e6932021-12-21 11:31:07.194root 11241100x8000000000000000536702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87dd14a3529a8b1e2021-12-21 11:31:07.195root 11241100x8000000000000000536703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f304130d97c8c0e82021-12-21 11:31:07.693root 11241100x8000000000000000536704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938e63d411b8f5002021-12-21 11:31:07.693root 11241100x8000000000000000536705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddd769689d262872021-12-21 11:31:07.693root 11241100x8000000000000000536706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6830ed11bbfa1d932021-12-21 11:31:07.693root 11241100x8000000000000000536707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13991f558349b24f2021-12-21 11:31:07.693root 11241100x8000000000000000536708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118dbc17ac9332f32021-12-21 11:31:07.693root 11241100x8000000000000000536709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1354f32ffb8399a2021-12-21 11:31:07.693root 11241100x8000000000000000536710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd89876169535aa2021-12-21 11:31:07.693root 11241100x8000000000000000536711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307141c60b39a81f2021-12-21 11:31:07.693root 11241100x8000000000000000536712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7a343fccc508e82021-12-21 11:31:07.693root 11241100x8000000000000000536713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830bfb63250abfdf2021-12-21 11:31:07.694root 11241100x8000000000000000536714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c7817cd1ec82602021-12-21 11:31:07.694root 11241100x8000000000000000536715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b171d03d91f4612021-12-21 11:31:07.694root 11241100x8000000000000000536716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eedba0ac85b6b6a2021-12-21 11:31:07.694root 11241100x8000000000000000536717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e738e7c89f34472021-12-21 11:31:07.694root 11241100x8000000000000000536718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9d5efa74c094b02021-12-21 11:31:07.694root 11241100x8000000000000000536719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21af75968158bec32021-12-21 11:31:07.694root 11241100x8000000000000000536720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b759825972a5ddd2021-12-21 11:31:07.694root 11241100x8000000000000000536721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1173659020c149102021-12-21 11:31:07.694root 11241100x8000000000000000536722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d78581715fcef232021-12-21 11:31:07.694root 11241100x8000000000000000536723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67148c0a784c16ca2021-12-21 11:31:07.694root 11241100x8000000000000000536724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e9f63e2534f2ee2021-12-21 11:31:08.193root 11241100x8000000000000000536725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7781d8521e93a5322021-12-21 11:31:08.193root 11241100x8000000000000000536726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4358273498fea8732021-12-21 11:31:08.193root 11241100x8000000000000000536727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db2c657ed721f0a2021-12-21 11:31:08.194root 11241100x8000000000000000536728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bde060e5aea7222021-12-21 11:31:08.194root 11241100x8000000000000000536729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a0f7ef7ffac7662021-12-21 11:31:08.194root 11241100x8000000000000000536730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88eb60bc61f571c2021-12-21 11:31:08.194root 11241100x8000000000000000536731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa327a8afd392ba52021-12-21 11:31:08.194root 11241100x8000000000000000536732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfe0bbc3be47cd22021-12-21 11:31:08.194root 11241100x8000000000000000536733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a6f06fa0d1016f2021-12-21 11:31:08.194root 11241100x8000000000000000536734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc14bf7b7f95d182021-12-21 11:31:08.194root 11241100x8000000000000000536735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc4005a062904362021-12-21 11:31:08.194root 11241100x8000000000000000536736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718c0c4e15cb382d2021-12-21 11:31:08.194root 11241100x8000000000000000536737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bee4979b0fdd562021-12-21 11:31:08.194root 11241100x8000000000000000536738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b96f42eda059232021-12-21 11:31:08.194root 11241100x8000000000000000536739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128f073d067c645d2021-12-21 11:31:08.194root 11241100x8000000000000000536740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12b55cfa61412022021-12-21 11:31:08.194root 11241100x8000000000000000536741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29456347df47b662021-12-21 11:31:08.194root 11241100x8000000000000000536742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b717e721007f52aa2021-12-21 11:31:08.195root 11241100x8000000000000000536743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf4fd84972179802021-12-21 11:31:08.195root 11241100x8000000000000000536744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76496cd7c86601842021-12-21 11:31:08.195root 11241100x8000000000000000536745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4e627e999923172021-12-21 11:31:08.693root 11241100x8000000000000000536746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677b8eb9d7516f062021-12-21 11:31:08.693root 11241100x8000000000000000536747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509ee924de8b5bd62021-12-21 11:31:08.693root 11241100x8000000000000000536748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8b458830f8a6a52021-12-21 11:31:08.693root 11241100x8000000000000000536749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701bb809e9b4fc252021-12-21 11:31:08.693root 11241100x8000000000000000536750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d370aed95d4b042021-12-21 11:31:08.693root 11241100x8000000000000000536751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9397043a46dc5d4c2021-12-21 11:31:08.693root 11241100x8000000000000000536752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57246c8da8963f9c2021-12-21 11:31:08.693root 11241100x8000000000000000536753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03899cf5d33cde262021-12-21 11:31:08.693root 11241100x8000000000000000536754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064b102040e8ba392021-12-21 11:31:08.693root 11241100x8000000000000000536755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b091cf44b97bdc02021-12-21 11:31:08.693root 11241100x8000000000000000536756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44e736966f1abe92021-12-21 11:31:08.693root 11241100x8000000000000000536757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349c73e26143b4a02021-12-21 11:31:08.693root 11241100x8000000000000000536758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beffdd07bc51642e2021-12-21 11:31:08.694root 11241100x8000000000000000536759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f79ec3160d639222021-12-21 11:31:08.694root 11241100x8000000000000000536760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa75be05d88f97f22021-12-21 11:31:08.694root 11241100x8000000000000000536761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3fd036c422f5a92021-12-21 11:31:08.694root 11241100x8000000000000000536762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7539fa705a9dc8392021-12-21 11:31:08.694root 11241100x8000000000000000536763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc8daac6086d3cf2021-12-21 11:31:08.694root 11241100x8000000000000000536764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6732fcf5c3f4d32021-12-21 11:31:08.694root 11241100x8000000000000000536765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a8ebecc8cc0c132021-12-21 11:31:08.694root 11241100x8000000000000000536766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd867d8aac461e22021-12-21 11:31:08.694root 11241100x8000000000000000536767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f8fb88fe622aea2021-12-21 11:31:08.694root 11241100x8000000000000000536768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d6cd99404b4da22021-12-21 11:31:08.694root 11241100x8000000000000000536769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6de8b90a34492332021-12-21 11:31:08.694root 11241100x8000000000000000536770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7803391a02ff5d2021-12-21 11:31:09.193root 11241100x8000000000000000536771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3415d03de8d3345f2021-12-21 11:31:09.193root 11241100x8000000000000000536772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0053e0c43b4839e52021-12-21 11:31:09.193root 11241100x8000000000000000536773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a876c216b8d0d7502021-12-21 11:31:09.193root 11241100x8000000000000000536774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb540c31f7baaa952021-12-21 11:31:09.193root 11241100x8000000000000000536775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e417bed769e499a72021-12-21 11:31:09.193root 11241100x8000000000000000536776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f450937a65c6e08a2021-12-21 11:31:09.193root 11241100x8000000000000000536777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d5a99aa702e8012021-12-21 11:31:09.193root 11241100x8000000000000000536778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abf2160c2eab4d82021-12-21 11:31:09.193root 11241100x8000000000000000536779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f570bb53cebcca2f2021-12-21 11:31:09.193root 11241100x8000000000000000536780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca364db6bc4d03a2021-12-21 11:31:09.194root 11241100x8000000000000000536781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2544eba0dbb6de6d2021-12-21 11:31:09.194root 11241100x8000000000000000536782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89217a0912fc01d2021-12-21 11:31:09.194root 11241100x8000000000000000536783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e2725130915b632021-12-21 11:31:09.194root 11241100x8000000000000000536784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe16524b4145a0c2021-12-21 11:31:09.194root 11241100x8000000000000000536785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fb68d1531ded562021-12-21 11:31:09.194root 11241100x8000000000000000536786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1308076dc6e1f82021-12-21 11:31:09.194root 11241100x8000000000000000536787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea000282e0c102992021-12-21 11:31:09.194root 11241100x8000000000000000536788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcaf7665e6033712021-12-21 11:31:09.194root 11241100x8000000000000000536789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8e7f880f3fc4f72021-12-21 11:31:09.194root 11241100x8000000000000000536790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e5904401db79712021-12-21 11:31:09.194root 23542300x8000000000000000536791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.248{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000536792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b82934b44def96e2021-12-21 11:31:09.693root 11241100x8000000000000000536793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf2598d835459432021-12-21 11:31:09.693root 11241100x8000000000000000536794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052b17e7cedae8ea2021-12-21 11:31:09.693root 11241100x8000000000000000536795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f79aebc33ccecb42021-12-21 11:31:09.694root 11241100x8000000000000000536796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457cded3976c06aa2021-12-21 11:31:09.694root 11241100x8000000000000000536797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb701ce788917ab2021-12-21 11:31:09.694root 11241100x8000000000000000536798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad716228cfa776342021-12-21 11:31:09.694root 11241100x8000000000000000536799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b52eaf9465234b2021-12-21 11:31:09.694root 11241100x8000000000000000536800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ee90bc07efa80e2021-12-21 11:31:09.694root 11241100x8000000000000000536801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f38e6bc1ebc128f2021-12-21 11:31:09.694root 11241100x8000000000000000536802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382957cd60be8e582021-12-21 11:31:09.694root 11241100x8000000000000000536803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c9784558e860fd2021-12-21 11:31:09.694root 11241100x8000000000000000536804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92e0ab85cfb28d42021-12-21 11:31:09.694root 11241100x8000000000000000536805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9b0425d02d2d432021-12-21 11:31:09.694root 11241100x8000000000000000536806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bf0d89c2a0c2452021-12-21 11:31:09.694root 11241100x8000000000000000536807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1022aaaf38c58472021-12-21 11:31:09.694root 11241100x8000000000000000536808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37e55f15795e86e2021-12-21 11:31:09.694root 11241100x8000000000000000536809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072cad2cc6960acf2021-12-21 11:31:09.694root 11241100x8000000000000000536810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4d49f10c8048352021-12-21 11:31:09.695root 11241100x8000000000000000536811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabc1e9c490070bc2021-12-21 11:31:09.695root 11241100x8000000000000000536812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6947e9d57dc16042021-12-21 11:31:09.695root 11241100x8000000000000000536813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4c095c018477b22021-12-21 11:31:09.695root 11241100x8000000000000000536814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b6b74ce7294c342021-12-21 11:31:10.193root 11241100x8000000000000000536815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2e0f8be21149462021-12-21 11:31:10.193root 11241100x8000000000000000536816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77f7722b16271b32021-12-21 11:31:10.193root 11241100x8000000000000000536817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c20eb19ef2391c2021-12-21 11:31:10.193root 11241100x8000000000000000536818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28b0836b20917472021-12-21 11:31:10.193root 11241100x8000000000000000536819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4168741f2ced9682021-12-21 11:31:10.193root